Cryptographic, Password Disclosure and XSS vulnerabilities #267

Open
fgeek opened this Issue Jul 19, 2017 · 3 comments


fgeek commented Jul 19, 2017

Original advisory is here: http://hyp3rlinx.altervista.org/advisories/AS-OPENWEBANALYTICS0721.txt

Please fix these vulnerabilities and create a new release with the fixes, thank you. I haven't personally reproduced the issues, but I can do so if needed. There don't seem to be CVEs assigned for this advisory. I can request the CVEs from MITRE today.

fgeek commented Jul 19, 2017

Btw. your web site still has a http://trac.openwebanalytics.com link. You might want to change it to point directly to the GitHub issue tracker, thanks.

padams (Owner) commented Jul 19, 2017

I believe some of this is fixed in master. If you are in a position to test the advisory that would be helpful.

fgeek commented Jul 19, 2017

Happy to help. I'll send a new message after I have tested this with the newest version.
