[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: GLPI: unprivileged users can access cost information
From:       cve-assign () mitre ! org
Date:       2014-07-22 22:31:19
Message-ID: 201407222231.s6MMVJ6b005465 () linus ! mitre ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> a user without access to cost information can in fact see the
> information when selecting cost as a search criteria. This is fixed by
> commit which appears to have been included for version 0.84.7.
> 
> https://forge.indepnet.net/issues/4984
> https://forge.indepnet.net/projects/glpi/repository/revisions/23061
> http://www.glpi-project.org/spip.php?page=annonce&id_breve=326&lang=en

Use CVE-2014-5032.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTzuWXAAoJEKllVAevmvmsTUYIALGINZBT+2sBe1llbZwdzM/E
0h5AeMQeP1jJ7TDPBeeLyU4r0ZYcBbuk+o6sLwKSiJGn27rgRSaH7a+mlMN7S+Ax
wausrHZsPwLl0xN8m9LvDJZvOExkC1mEFwm644BQ2AKrC4LikP5bisP0BKPeI0re
YFwBduU52Q0nt97VCR32/euaTQ6/dmfVoPo/M20U8U33qfSgZ5eAOx2ZDCk3GnlY
xVy4vNLVJ+3o0Bx8jWIyhav43alwbd4GjqpOSiRSSI9I7O10R3pmdtAxrlbGpJbY
bnHLyaXpUMe75/4etszIoW+ZWvuxVVYcMcuXlUU0tRDrSYaJiL6FIxiaEcD/sfc=
=KVBH
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]