Bug 1007340 (CVE-2013-4338, CVE-2013-4339, CVE-2013-4340, CVE-2013-5738, CVE-2013-5739)
Summary: CVE-2013-4338 CVE-2013-4339 CVE-2013-4340 CVE-2013-5738 CVE-2013-5739 wordpress: new security issues fixed in 3.6.1

| Field | Value | Field | Value |
|---|---|---|---|
| Product | [Other] Security Response | Reporter | Ratul Gupta <ratulg> |
| Component | vulnerability | Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED UPSTREAM | Severity | medium |
| Priority | medium | Version | unspecified |
| CC | fedora, gwync | Keywords | Security |
| Hardware | All | OS | Linux |
| Fixed In Version | wordpress 3.6.1 | Doc Type | Bug Fix |
| Last Closed | 2019-06-08 02:30:32 UTC | Bug Depends On | 1007343, 1007344 |
| Bug Blocks | 1007345 | | |

Description
Ratul Gupta
2013-09-12 09:56:00 UTC
Created wordpress tracking bugs for this issue:

Affects: fedora-all [bug 1007343]
Affects: epel-all [bug 1007344]

Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4338 to the following vulnerability:

Name: CVE-2013-4338
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338
Assigned: 20130612
Reference: http://codex.wordpress.org/Version_3.6.1
Reference: http://core.trac.wordpress.org/changeset/25325
Reference: http://wordpress.org/news/2013/09/wordpress-3-6-1/

wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations.

Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4339 to the following vulnerability:

Name: CVE-2013-4339
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339
Assigned: 20130612
Reference: http://codex.wordpress.org/Version_3.6.1
Reference: http://core.trac.wordpress.org/changeset/25323
Reference: http://core.trac.wordpress.org/changeset/25324
Reference: http://wordpress.org/news/2013/09/wordpress-3-6-1/

WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.

Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4340 to the following vulnerability:

Name: CVE-2013-4340
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340
Assigned: 20130612
Reference: http://codex.wordpress.org/Version_3.6.1
Reference: http://core.trac.wordpress.org/changeset/25321
Reference: http://wordpress.org/news/2013/09/wordpress-3-6-1/

wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter.

Common Vulnerabilities and Exposures assigned an identifier CVE-2013-5738 to the following vulnerability:

Name: CVE-2013-5738
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5738
Assigned: 20130911
Reference: http://codex.wordpress.org/Version_3.6.1
Reference: http://core.trac.wordpress.org/changeset/25322
Reference: http://wordpress.org/news/2013/09/wordpress-3-6-1/

The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file.

Common Vulnerabilities and Exposures assigned an identifier CVE-2013-5739 to the following vulnerability:

Name: CVE-2013-5739
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5739
Assigned: 20130911
Reference: http://codex.wordpress.org/Version_3.6.1
Reference: http://core.trac.wordpress.org/changeset/25322
Reference: http://wordpress.org/news/2013/09/wordpress-3-6-1/

The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php.

External References:

http://wordpress.org/news/2013/09/wordpress-3-6-1/

This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.