Bug 1022444 - (CVE-2017-5610) VUL-1: CVE-2017-5610: wordpress: unauthorized user's bypass
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE.org
Component: 3rd party software
Priority: P4 - Low, Severity: Normal
Assigned To: Eric Schirra
Reported: 2017-01-28 21:21 UTC by Mikhail Kasimov
Modified: 2017-02-04 09:35 UTC

Description Mikhail Kasimov 2017-01-28 21:21:11 UTC
Ref: http://seclists.org/oss-sec/2017/q1/217
============================================
The user interface for assigning taxonomy terms in Press This is shown to
users who do not have permissions to use it. Reported by David Herrera of Alley
Interactive.

https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454
============================================

Assigned: CVE-2017-5610

https://software.opensuse.org/package/wordpress

4.6.1 version for TW|42.(1|2) in server:php:applications repo.
Comment 1 Swamp Workflow Management 2017-01-28 23:00:28 UTC
bugbot adjusting priority
Comment 2 Andreas Stieger 2017-01-29 08:12:38 UTC
The SUSE security team does not cover packages not currently in the distribution. Not treating as an incident, assign/cc community maintainers.
Comment 3 Eric Schirra 2017-02-04 09:35:05 UTC
update packages in server:php:applications to version 7.7.2