Hi Team,
Recently, MITRE assigned two CVE IDs for issues related to the 2.2.5 release [1] [2]. The first, CVE-2017-17734 [3] is simply described as "CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions." The second, CVE-2017-17735 [4] is described as "CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies."
Given the wording of your release announcement [1], it isn't obvious if these fixed true vulnerabilities or were defense-in-depth enhancements. Can you clarify which they are?
Thanks,
Does not properly cache login information in cookies
For questions and problems with the CMS core. This board is NOT for any 3rd party modules, addons, PHP scripts or anything NOT distributed with the CMS made simple package itself.
-
- New Member
- Posts: 1
- Joined: Thu Jul 11, 2019 8:23 am
Jump to
- Official Boards
- ↳ README FIRST!!!
- ↳ Announcements
- ↳ General Discussion
- Support Boards
- ↳ CMSMS Core
- ↳ Modules/Add-Ons
- ↳ Help Wanted (commercial)
- ↳ Translations
- Community Boards
- ↳ Tips and Tricks
- ↳ CMS Show Off
- ↳ Layout and Design (CSS & HTML)
- ↳ Feature ideas
- ↳ Developers Discussion
- ↳ The Lounge
- International Discussions
- ↳ Czech/Slovak - Česky/Slovensky
- ↳ Danish - Dansk
- ↳ Dutch - Nederlands
- ↳ Aankondigingen
- ↳ Tips en Trucs
- ↳ Vertalingen & Documentatie
- ↳ Hulp gezocht (commercieel)
- ↳ Finnish - Suomi
- ↳ French - Français
- ↳ German - Deutsch
- ↳ BITTE ZUERST LESEN !!!
- ↳ Ankündigungen
- ↳ Installation und Einstellungen
- ↳ Module und Tags
- ↳ Smarty-Tipps und -Tricks
- ↳ Layout und Design
- ↳ Suchmaschinenoptimierung (SEO)
- ↳ HowTo's
- ↳ Übersetzungen
- ↳ Show Off
- ↳ Hilfe gesucht (kommerziell)
- ↳ Stammtisch
- ↳ Hungarian - Magyar
- ↳ Italian - Italiano
- ↳ Moduli/Plugins
- ↳ Lithuanian - Lietuviškai
- ↳ Darbo / bendradarbiavimo pasiūlymai ir paieška
- ↳ Persian / Farsi
- ↳ Polish - Polski
- ↳ Portuguese - Português
- ↳ Russian - русский
- ↳ Предложения и поиск РАБОТЫ
- ↳ Spanish - Español
- ↳ Swedish - Svenska
- Geekmoot Editions
- ↳ Geekmoot 2016
- ↳ Connections and Conversations
- ↳ Geekmoot 2015
- ↳ Geek Moot 2012
- ↳ Locked: Geek Moot 2010
- Old Forums
- ↳ [locked] CMSMS 2.0 Beta
- ↳ Module Developers
- ↳ Closed Issues
- ↳ [locked] Documentation0ld
- ↳ Suggestions, Modifications & Corrections
- ↳ [locked] CMSMS 1.11 Beta
- ↳ Closed Issues
- ↳ [locked] CMSMS 1.10 Beta
- ↳ Closed Issues
- ↳ [locked] CMSMS 2.2 Beta
- ↳ [locked] CMSMS MLE fork
- ↳ Modules/Addon patchs
- ↳ [locked] Quality Assurance
- ↳ [locked] Accessability and Usability
- ↳ [locked] Documentation
- ↳ Media and presentations about CMSMS
- ↳ [locked] Installation, Setup and Upgrade