Does not properly cache login information in cookies

For questions and problems with the CMS core. This board is NOT for any 3rd party modules, addons, PHP scripts or anything NOT distributed with the CMS made simple package itself.
Locked
leaderrealvn
New Member
New Member
Posts: 1
Joined: Thu Jul 11, 2019 8:23 am

Does not properly cache login information in cookies

Post by leaderrealvn »

Hi Team,

Recently, MITRE assigned two CVE IDs for issues related to the 2.2.5 release [1] [2]. The first, CVE-2017-17734 [3] is simply described as "CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions." The second, CVE-2017-17735 [4] is described as "CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies."

Given the wording of your release announcement [1], it isn't obvious if these fixed true vulnerabilities or were defense-in-depth enhancements. Can you clarify which they are?

Thanks,
Top
Locked

Return to “CMSMS Core”