oss-sec mailing list archives
CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002)
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 11 Jul 2011 12:44:12 +0200
Hello Josh, Steve, vendors, this: [1] http://drupal.org/node/1204582 From [1]: Access bypass in node listings: ========================================= Listings showing nodes but not JOINing the node table show all nodes regardless of restrictions imposed by the node_access system. In core, this affects the taxonomy and the forum subsystem. ... Versions affected: ================== Drupal 7.0, 7.1 and 7.2. References: ------------ [2] https://bugzilla.redhat.com/show_bug.cgi?id=717874 [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633385 doesn't seem to have a CVE identifier allocated yet. Could you allocate one? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002) Jan Lieskovsky (Jul 11)
- Re: CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002) Josh Bressers (Jul 12)