Posted to commits@openmeetings.apache.org by so...@apache.org on 2018/02/26 05:26:43 UTC
[openmeetings-site] branch asf-site updated: no jira: vulnerability description is improved
This is an automated email from the ASF dual-hosted git repository.
solomax pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/openmeetings-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new daccbfb no jira: vulnerability description is improved
daccbfb is described below
commit daccbfb2bb0dee5e18c0fd1248d4f87905507cc9
Author: Maxim Solodovnik <so...@gmail.com>
AuthorDate: Mon Feb 26 12:26:35 2018 +0700
no jira: vulnerability description is improved
---
security.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security.html b/security.html
index 36d122f..fa6f17b 100644
--- a/security.html
+++ b/security.html
@@ -252,7 +252,7 @@
<h2 id="_toc_cve-2018-1286_-_apache_openmeetings_-_insufficient">CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls</h2>
<p>Severity: Medium</p>
<p>Vendor: The Apache Software Foundation</p>
- <p>Versions Affected: Apache OpenMeetings 3.0.0</p>
+ <p>Versions Affected: Apache OpenMeetings 3.0.0 - 4.0.1</p>
<p>Description: CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.<br> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1286">CVE-2018-1286</a> </p>
<p>The issue was fixed in 4.0.2<br> All users are recommended to upgrade to Apache OpenMeetings 4.0.2</p>
<p>Credit: This issue was identified by Sahil Dhar of Security Innovation Inc</p>
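Review bot: The commit subject ("vulnerability description is improved") does not say that the changed "Versions Affected" line widens the affected range from 3.0.0 alone to 3.0.0 - 4.0.1, which changes who has to act on the advisory: anyone on a release after 3.0.0 up to 4.0.1 would have read the old text as not applying to them. Suggest naming the CVE and the new range in the commit message so the correction is findable in the history. The new upper bound agrees with the "fixed in 4.0.2" line in the trailing context. As a wording point, "3.0.0 to 4.0.1" would read more clearly as an inclusive range than the spaced hyphen.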