oss-sec mailing list archives

Re: CVE request: usebb before 1.0.11 unauthorized access to content


From: Josh Bressers <bressers () redhat com>
Date: Mon, 11 Oct 2010 15:28:51 -0400 (EDT)


----- "Hanno Böck" <hanno () hboeck de> wrote:

> http://www.usebb.net/community/topic.php?id=2501
>
> A security issue has been discovered in UseBB 1.0.10 with per forum and
> topic RSS feeds in combination with restricted forum access permissions,
> giving users access to post contents that should remain hidden. Anyone
> having a restricted "read" permission set but NOT an equal or more
> restricted "view" one is prone to this issue.


Here is a slightly better description:
http://www.usebb.net/community/topic-2495.html

Please use CVE-2010-3713 for this.

Thanks.

-- 
    JB

