oss-sec mailing list archives

CVE request: Cantata vulnerability

From: Sergey Popov <pinkbyte () gentoo org>
Date: Mon, 20 Jan 2014 14:30:15 +0400

I would like to request CVE for vulnerability in Cantata[1], which
allows attacker to steal valuable information from user's home directory
via internal HTTP server, that are not properly handled requests and
allows to download every file it has access to from host, where it runs.

More details can be acquired from upstream bugreport[2].

[1] - https://code.google.com/p/cantata/
[2] - https://code.google.com/p/cantata/issues/detail?id=356

-- 
Best regards, Sergey Popov
Gentoo developer
Gentoo Desktop Effects project lead
Gentoo Qt project lead
Gentoo Proxy maintainers project lead

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

CVE request: Cantata vulnerability Sergey Popov (Jan 20)
- Re: CVE request: Cantata vulnerability cve-assign (Jan 20)