oss-sec mailing list archives

CVE request: usebb before 1.0.11 unauthorized access to content

From: Hanno Böck <hanno () hboeck de>
Date: Fri, 8 Oct 2010 23:29:51 +0200

http://www.usebb.net/community/topic.php?id=2501


A security issue has been discovered in UseBB 1.0.10 with per forum and topic 
RSS feeds in combination with restricted forum access permissions, giving 
users access to post contents that should remain hidden. Anyone having a 
restricted "read" permission set but NOT an equal or more restricted "view" 
one is prone to this issue.


-- 
Hanno Böck              Blog:           http://www.hboeck.de/
GPG: 3DBD3B20           Jabber/Mail:    hanno () hboeck de

http://schokokeks.org - professional webhosting

Attachment: signature.asc
Description: This is a digitally signed message part.

Current thread:

CVE request: usebb before 1.0.11 unauthorized access to content Hanno Böck (Oct 08)
- Re: CVE request: usebb before 1.0.11 unauthorized access to content Josh Bressers (Oct 11)