oss-sec mailing list archives

Re: CVE request for Drupal contributed modules

From: Forest Monsen <forest.monsen () gmail com>
Date: Wed, 6 Nov 2013 10:32:37 -0800

On Sun, Nov 3, 2013 at 8:36 AM, Kurt Seifried <kseifried () redhat com> wrote:

SA-CONTRIB-2013-083 - Quiz - Access Bypass
https://drupal.org/node/2123995 (This appears to me to be two
issues; an access bypass, and an access bypass leading to
information disclosure.)


Yes, two issues, two reporters, so CVE SPLIT to two CVE's, I can't
match the reporter to the issue though without more info, if you can
post that in a follow up it'd be helpful to Mitre.


No problem. See below:

Please use  CVE-2013-4500 for Drupal SA-CONTRIB-2013-083 - Quiz -
Access Bypass in deleting quiz results


Reported by 'nirvanajyothi', https://drupal.org/user/252387

 Please use CVE-2013-4501 for Drupal SA-CONTRIB-2013-083 - Quiz -

Access Bypass in viewing quiz results



Reported by 'Cat Hirst,' https://drupal.org/user/162748

Current thread:

CVE request for Drupal contributed modules Forest Monsen (Oct 18)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Oct 18)
- <Possible follow-ups>
- CVE request for Drupal contributed modules Forest Monsen (Nov 02)
  - Re: CVE request for Drupal contributed modules Kurt Seifried (Nov 03)
    - Re: CVE request for Drupal contributed modules Forest Monsen (Nov 06)
- CVE request for Drupal contributed modules Forest Monsen (Nov 17)
  - Re: CVE request for Drupal contributed modules Kurt Seifried (Nov 18)