oss-sec mailing list archives
Re: CVE Requests for Drupal Core - SA-CORE-2016-004
From: cve-assign () mitre org
Date: Wed, 28 Sep 2016 16:19:33 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://www.drupal.org/SA-CORE-2016-004
Users without "Administer comments" can set comment visibility on nodes they can edit
Use CVE-2016-7570.
Cross-site Scripting in http exceptions
Use CVE-2016-7571.
Full config export can be downloaded without administrative permissions
Use CVE-2016-7572. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJX7CVvAAoJEHb/MwWLVhi2BdYQAIBhKIpY/Uq+mCbHDidgRMra g9tgf7Jit9kDtGhS93eafrBhFVsiZgNPa7F3kPxsVivbPL2fzyAM5QLIuh9FK9dB PrsubVdejpqpEXTcAPvgiB1nxkqLsYqf5uFlUBSYkgDuSYdf5AVt4xZ2u7hh+PEO zlkS3Y+8hteaR1k/Oy/LXR8+QeHYD4126AhocIEX7yooyQLEDC6zaU7BvgWVXpY3 Sv8dDMQ7eUk+UBgEfih33/+spqMrVKQJcKcIDP5yIH+hCaYTEK8atHJIIFQL1R0b cjEshwhdDCAFnqn5qtxTdZTQlx5PZGD0aZCiuVzr/5eNE61UGnVfmkQMMu8mDJkQ kivhXiH2A7noNPd6S3SWRbNIfP5HXta30BcSWQwZKAPERnNFbFwLs/L1Lzf7MiL1 D4Cccl+j3Bvval90rrKDYHcbavKnvLraEms5TWWUB/fwTMVUlgGstRd/RmyPRMnm TBfsNn62LidMEDQfiJdtPgcoM6lPeEs/FxrClRu/B4FcGRYduxFOSWuLod53rr+8 TFWEsHF7+PdGiz4WjeSHMh9it8Mw15qlvcnYegsPiNkbCx0cYH4BYaPMx8oEEVNR zf4eAfW+2ne4QaL9MiK7x/aMV+n2BkNBloYLRz5pk4exEtVmf8l0Hzh88uUtLebo sPe3L9lN2+vXKIalxg0Q =/g1W -----END PGP SIGNATURE-----
Current thread:
- CVE Requests for Drupal Core - SA-CORE-2016-004 Pere Orga (Sep 28)
- Re: CVE Requests for Drupal Core - SA-CORE-2016-004 cve-assign (Sep 28)