oss-sec mailing list archives

CVE Request: Privilege escalation in webdav

From: Nathan Van Gheem <vangheem () gmail com>
Date: Tue, 19 Apr 2016 15:09:32 +0000

Can a CVE be assigned to this issue, please?

https://plone.org/security/20160419/privilege-escalation-in-webdav

A missing webdav security declaration would allow unauthorized webdav
access.

The relevant code is:

https://plone.org/security/20150910/

The vendor credits with the discovery: Thomas Mogensen

Thanks, let me know if you'd like more information.

-- 
Nathan Van Gheem
Director of Solutions Engineering
Wildcard Corp

Current thread:

CVE Request: Privilege escalation in webdav Nathan Van Gheem (Apr 19)
- Re: CVE Request: Privilege escalation in webdav Nathan Van Gheem (Apr 19)
- Re: CVE Request: Privilege escalation in webdav - Plone cve-assign (Apr 19)