oss-sec mailing list archives
Re: CVE request for Drupal contributed modules
From: Forest Monsen <forest.monsen () gmail com>
Date: Wed, 6 Nov 2013 10:32:37 -0800
On Sun, Nov 3, 2013 at 8:36 AM, Kurt Seifried <kseifried () redhat com> wrote:
SA-CONTRIB-2013-083 - Quiz - Access Bypass https://drupal.org/node/2123995 (This appears to me to be two issues; an access bypass, and an access bypass leading to information disclosure.)Yes, two issues, two reporters, so CVE SPLIT to two CVE's, I can't match the reporter to the issue though without more info, if you can post that in a follow up it'd be helpful to Mitre.
No problem. See below:
Please use CVE-2013-4500 for Drupal SA-CONTRIB-2013-083 - Quiz - Access Bypass in deleting quiz results
Reported by 'nirvanajyothi', https://drupal.org/user/252387 Please use CVE-2013-4501 for Drupal SA-CONTRIB-2013-083 - Quiz -
Access Bypass in viewing quiz results
Reported by 'Cat Hirst,' https://drupal.org/user/162748
Current thread:
- CVE request for Drupal contributed modules Forest Monsen (Oct 18)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Oct 18)
- <Possible follow-ups>
- CVE request for Drupal contributed modules Forest Monsen (Nov 02)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Nov 03)
- Re: CVE request for Drupal contributed modules Forest Monsen (Nov 06)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Nov 03)
- CVE request for Drupal contributed modules Forest Monsen (Nov 17)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Nov 18)