[wp-trac] Re: [WordPress Trac] #3142: user_edit.php vulnerable:
User can spy out metadata of other users
WordPress Trac
wp-trac at lists.automattic.com
Sun Sep 24 09:11:03 GMT 2006
#3142: user_edit.php vulnerable: User can spy out metadata of other users
----------------------------+-----------------------------------------------
Reporter: adapter | Owner: anonymous
Type: defect | Status: reopened
Priority: high | Milestone: 2.1
Component: Administration | Version: 2.0.4
Severity: major | Resolution:
Keywords: has-patch |
----------------------------+-----------------------------------------------
Changes (by westi):
* resolution: worksforme =>
* keywords: => has-patch
* status: closed => reopened
Comment:
Hmm - I can now reproduce this both on your test blog and my test 2.0.4
install.
I believe this affects 2.0.4 and 2.1 so is a candidate for a fictional
2.0.5 as a security release.
I'm attaching patches for 2.0.x and trunk.
--
Ticket URL: <http://trac.wordpress.org/ticket/3142>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list