[wp-trac] Re: [WordPress Trac] #3142: user_edit.php vulnerable: User can spy out metadata of other users

WordPress Trac wp-trac at lists.automattic.com
Sun Sep 24 09:11:03 GMT 2006


#3142: user_edit.php vulnerable: User can spy out metadata of other users
----------------------------+-----------------------------------------------
 Reporter:  adapter         |        Owner:  anonymous
     Type:  defect          |       Status:  reopened 
 Priority:  high            |    Milestone:  2.1      
Component:  Administration  |      Version:  2.0.4    
 Severity:  major           |   Resolution:           
 Keywords:  has-patch       |  
----------------------------+-----------------------------------------------
Changes (by westi):

  * resolution:  worksforme =>
  * keywords:  => has-patch
  * status:  closed => reopened

Comment:

 Hmm - I can now reproduce this both on your test blog and my test 2.0.4
 install.

 I believe this affects 2.0.4 and 2.1 so is a candidate for a fictional
 2.0.5 as a security release.

 I'm attaching patches for 2.0.x and trunk.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/3142>
WordPress Trac <http://wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list