oss-sec mailing list archives
CVE request: usebb before 1.0.11 unauthorized access to content
From: Hanno Böck <hanno () hboeck de>
Date: Fri, 8 Oct 2010 23:29:51 +0200
http://www.usebb.net/community/topic.php?id=2501

A security issue has been discovered in UseBB 1.0.10 with per forum and topic RSS feeds in combination with restricted forum access permissions, giving users access to post contents that should remain hidden. Anyone having a restricted "read" permission set but NOT an equal or more restricted "view" one is prone to this issue.

--
Hanno Böck
Blog: http://www.hboeck.de/
GPG: 3DBD3B20
Jabber/Mail: hanno () hboeck de

http://schokokeks.org - professional webhosting
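A minimal model of the condition described in the message above, added here as an example; it is not UseBB code and not part of the original post. The numeric levels, forum records and function names are assumptions, as is the modelled cause (a feed path that applies the "view" check but not the "read" check).

```python
from dataclasses import dataclass

# Hypothetical privilege levels in ascending order (not UseBB's own values).
GUEST, MEMBER, MODERATOR, ADMIN = 0, 1, 2, 3
LEVELS = (GUEST, MEMBER, MODERATOR, ADMIN)

@dataclass(frozen=True)
class Forum:
    name: str
    view_min: int   # minimum level to see the forum and its topic list
    read_min: int   # minimum level to read post contents
    posts: tuple

def feed_view_only(forum, level):
    """Assumed flawed feed path: gated on 'view' only, so post bodies go out."""
    if level < forum.view_min:
        return None
    return list(forum.posts)

def feed_checked(forum, level):
    """Feed path that applies both gates, like a normal topic page would."""
    if level < forum.view_min or level < forum.read_min:
        return None
    return list(forum.posts)

def exposed_forums(forums):
    """Forums matching the advisory's condition: 'read' is restricted
    and 'view' is not equally or more restricted."""
    return [f.name for f in forums if f.read_min > f.view_min]

def leaks(forums, feed):
    """(forum, level) pairs where the feed hands posts to a level below read_min."""
    return [(f.name, lvl) for f in forums for lvl in LEVELS
            if lvl < f.read_min and feed(f, lvl) is not None]

# Constructed sample configuration.
FORUMS = [
    Forum("announcements", GUEST, GUEST, ("Welcome",)),
    Forum("staff", GUEST, MODERATOR, ("Draft moderation notes",)),
    Forum("admin", ADMIN, ADMIN, ("Config notes",)),
    Forum("members", GUEST, MEMBER, ("Meetup details",)),
]

if __name__ == "__main__":
    print("forums matching the advisory condition:", exposed_forums(FORUMS))
    print("leaks via view-only feed:", leaks(FORUMS, feed_view_only))
    print("leaks via checked feed:", leaks(FORUMS, feed_checked))
```

A forum whose "view" level is at least as strict as its "read" level (the constructed "admin" entry) does not leak in this model, which matches the condition stated in the message.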