oss-sec mailing list archives

CVE Requests for Drupal Core - SA-CORE-2016-004

From: Pere Orga <pere () orga cat>
Date: Wed, 28 Sep 2016 21:51:03 +0200

Hi

Please can I have CVE IDs assigned to the following Drupal
vulnerabilities (see https://www.drupal.org/SA-CORE-2016-004):

Users without "Administer comments" can set comment visibility on
nodes they can edit
Cross-site Scripting in http exceptions
Full config export can be downloaded without administrative permissions

Versions affected are all Drupal 8.x versions prior to 8.1.10.

Thanks

-- 
Pere Orga on behalf of the Drupal Security team

Current thread:

CVE Requests for Drupal Core - SA-CORE-2016-004 Pere Orga (Sep 28)
- Re: CVE Requests for Drupal Core - SA-CORE-2016-004 cve-assign (Sep 28)