oss-sec mailing list archives
Security issues in GOsa
From: Mike Gabriel <mike.gabriel () das-netzwerkteam de>
Date: Fri, 15 Jan 2016 10:26:31 +0000
Hi,
GOsa is a framework written in PHP for LDAP-based management of intranet infrastructures.
As part of upstream (I joined the team recently) I would like to make you aware of (at least) two security issues +/- recently discovered:
(1) Possibility of code injection when setting passwords for Samba. Solved upstream:
https://github.com/gosa-project/gosa-core/commit/a67a047cba2cdae8bccb0f0e2bc6d3eb45cfcbc8
(2) XSS vulnerability during session log on. Solved upstream:
https://github.com/gosa-project/gosa-core/commit/e35b990464a2c2cf64d6833a217ed944876e7732
Please assign individual CVE Ids for both issues, if appropriate.
Thanks,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel () das-netzwerkteam de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=m.gabriel%40das-netzwerkteam.de
Current thread:
- Security issues in GOsa Mike Gabriel (Jan 15)
- Re: Security issues in GOsa cve-assign (Jan 15)