
Bug 268159

Summary: <www-apps/twiki-4.3.1 CSRF (CVE-2009-1339)
Product: Gentoo Security
Reporter: Alex Legler (RETIRED) <a3li>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: web-apps
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: https://launchpad.net/bugs/cve/2009-1339
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-01 19:51:15 UTC
CVE-2009-1339 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1339):
  Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1
  allows remote authenticated users to hijack the authentication of
  arbitrary users for requests that update pages, as demonstrated by a
  URL for a save script in the SRC attribute of an IMG element, a
  related issue to CVE-2009-1434.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-01 10:19:03 UTC
+*twiki-4.3.1 (01 Aug 2009)
+
+  01 Aug 2009; Alex Legler <a3li@gentoo.org> -twiki-4.2.4.ebuild,
+  +twiki-4.3.1.ebuild:
+  Non-maintainer commit: Version bump for security bug 268159. Removing
+  vulnerable version
+
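Review bot: The ChangeLog message in the 01 Aug 2009 entry identifies the fix only as "security bug 268159"; naming CVE-2009-1339 (the identifier in this bug's summary) next to the bug number would let anyone auditing the ChangeLog without Bugzilla at hand tell which issue the bump to 4.3.1 closes. The same entry drops twiki-4.2.4.ebuild, so it is also worth confirming in the message that no other pre-4.3.1 ebuild remains in the tree, since the CVE text covers every TWiki release before 4.3.1.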