oss-sec mailing list archives
CVE Request: OpenPNE 3, opWebAPIPlugin, opOpenSocialPlugin -- XXE vulnerability fix
From: Kousuke Ebihara <ebihara () tejimaya com>
Date: Tue, 10 Sep 2013 14:03:11 +0900
Hi,

I'm a member of the OpenPNE security handling team. We've released our OSS products, OpenPNE 3, opWebAPIPlugin and opOpenSocialPlugin, to fix an XXE vulnerability. Would you assign CVEs to them?

1. OpenPNE 3 XXE Vulnerabilities

Affects: 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5
Fixed: 3.8.7.1, 3.6.11.1, 3.4.21.2, 3.2.7.7, 3.0.8.6
Commit: https://github.com/openpne/OpenPNE3/commit/6147099848185a82a18d1ba8aa84e69a7eadfcba
Security Advisory: http://www.openpne.jp/archives/12091/
Original reporter of this vulnerability: Kousuke Ebihara
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

2. opWebAPIPlugin XXE Vulnerabilities

Affects: 0.5.1, 0.4.0, 0.1.0
Fixed: 0.5.1.1, 0.4.0.1, 0.1.0.1
Commit: https://github.com/ebihara/opWebAPIPlugin/commit/8820a4a8d7b8c8fbfa4533cc5645f371d454ca5b
Security Advisory: http://www.openpne.jp/archives/12091/
Original reporter of this vulnerability: Kousuke Ebihara
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

3. opOpenSocialPlugin XXE Vulnerabilities

Affects: 0.8.2.1, 0.9.9.2, 0.9.13, 1.2.6
Fixed: 0.8.2.2, 0.9.9.3, 0.9.13.1, 1.2.6.1
Commit: https://github.com/openpne-ospt/opOpenSocialPlugin/commit/a19c02997cf3045ad18b57c14a05465bfb3ae88c
Security Advisory: http://www.openpne.jp/archives/12091/
Original reporter of this vulnerability: Kousuke Ebihara
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

Thanks,
Kousuke

--
Kousuke Ebihara
ebihara () tejimaya com