oss-sec mailing list archives

Re: CVE Request for Drupal Core

From: cve-assign () mitre org
Date: Mon, 21 Apr 2014 21:18:13 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SA-CORE-2014-002 - Drupal core - Information Disclosure
https://drupal.org/SA-CORE-2014-002

Drupal's form API ... When pages are cached ... there is a chance that
interim form input recorded for one anonymous user (which may include
sensitive or private information, depending on the nature of the form)
will be disclosed to other users interacting with the same form at the
same time


Use CVE-2014-2983.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTVcMIAAoJEKllVAevmvmsOhMH/jxUssmaa2sl7LFx/mA3jg46
mSI/dHm9v5ONYa14zoXi2DAEi8birAKjbIgtz/b2kd9Q5RVCzD5qVQiTIjYgQCFD
w5VkFkxZp33sG5HsgBGbpQPbHX+M0inHqvH3j4XE36w0QZ8rtNwehWIb/alZoqw2
M4U6OyC6fEUgsJuoeIxg+zvJFYniWOQFI1y5t/XZ6NaTEHyXK85wabaNEuzt4t2O
V+zXgdO1gAudEbvYe9kAJ81tcxv9rYXUhpmxePlF5mkQxIDU9RevgRAaCjpvUO/J
SThzZT7mBZbUSd7xubU7B2EGGx9JWqKOTKG0KRG4EKkZ+aHpH7UcjOFKUjrxGBY=
=vHDf
-----END PGP SIGNATURE-----

Current thread:

CVE Request for Drupal Core Forest Monsen (Apr 18)
- Re: CVE Request for Drupal Core cve-assign (Apr 21)