oss-sec mailing list archives
Re: CVE request: piwik before 1.6
From: Henri Salo <henri () nerv fi>
Date: Fri, 28 Oct 2011 10:04:25 +0300
On Sun, Oct 23, 2011 at 02:41:17PM -0400, Josh Bressers wrote:
> The advisory just says there are a bunch of security fixes by all these people, with no actual information. Such vagueness is only going to create confusion, which will create extra work for me if I try to assign IDs to such an advisory.

Now there is information in the URI. Facts:

- Affects all Piwik users that have granted some access to the "anonymous" user
- Remotely exploitable vulnerability that could allow a remote attacker to execute arbitrary code
- Versions affected: Piwik 1.2, 1.3, and 1.4
- Credits: Neal Poole

These details should be enough information for CVE assignment. I can also verify this issue for every version if you want. If there aren't enough details I can dig more :)

Best regards,
Henri Salo