Launchpad CVE tracker

CVE 2008-0165

Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.

Related bugs and status

CVE-2008-0165 (Candidate) is related to these bugs:

Bug #227273: [ikiwiki] [CVE-2008-0165] cross-site request forgery

Summary				In	Importance	Status
	227273	[ikiwiki] [CVE-2008-0165] cross-site request forgery		ikiwiki (Ubuntu)	Medium	Fix Released
	227273	[ikiwiki] [CVE-2008-0165] cross-site request forgery		ikiwiki (Debian)	Unknown	Fix Released

Bug #227289: Please merge ikiwiki 2.45 (universe) from Debian unstable

Summary				In	Importance	Status
	227289	Please merge ikiwiki 2.45 (universe) from Debian unstable		ikiwiki (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://bugs.debian.org...
DEBIAN: DSA-1553
CONFIRM: http://ikiwiki.info/se...
SECUNIA: 29907
SECUNIA: 29932
VUPEN: ADV-2008-1297
XF: ikiwiki-change-passwor...

Launchpad.net

CVE 2008-0165

Related bugs and status

Related bugs

References