mailing list archives
CVE request: Trac Ticket Modification Workflow Permission Restriction Bypass
From: Henri Salo <henri () nerv fi>
Date: Mon, 11 Feb 2013 13:12:58 +0200
From Secunia: A security issue has been reported in Trac, which can be exploited
by malicious users to bypass certain security restrictions. The security issue
is caused due to the application not properly checking workflow permissions
before modifying a ticket, which can be exploited to change the status and
resolution of tickets without having proper permissions.
The security issue is reported in versions prior to 0.11.7.
Could you assign CVE-2010-XXXX, thank you. Please double verify this hasn't been
assigned. I tried my best to avoid duplicates :)
- CVE request: Trac Ticket Modification Workflow Permission Restriction Bypass Henri Salo (Feb 11)