Bug 1123692 (CVE-2014-5027, CVE-2014-5028)

Summary: CVE-2014-5027 CVE-2014-5028 ReviewBoard: two flaws fixed in the 1.7.27 release
Product: [Other] Security Response Reporter: Murray McAllister <mmcallis>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: puiterwijk, sgallagh
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Review Board 1.7.27 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-20 10:45:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1123693    
Bug Blocks:    

Description Murray McAllister 2014-07-28 01:32:39 UTC 
The 1.7.27 release of Review Board fixes the following flaws:

CVE-2014-5027:

""
Fixed a vulnerability where a URL to a diff fragment could be crafted that would inject custom HTML into the page. An attacker could send such a URL to another user and execute code in their browser session.
""

and CVE-2014-5028:

""
The Original File and Patched File resources could be used to access files on a private review request that the user did not have access to, if they knew the approciate database IDs.
""

Version 1.7.27 is already in Fedora testing.

References:

https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27/
http://seclists.org/oss-sec/2014/q3/207
Comment 1 Murray McAllister 2014-07-28 01:33:36 UTC 
Created ReviewBoard tracking bugs for this issue:

Affects: epel-6 [bug 1123693]