J-Security Center

Title: NewsBruiser Comment System Security Restrictions Bypass Vulnerability

Severity: MODERATE

Description:

NewsBruiser is a Web-based application used to create Weblogs.

NewsBruiser is reported to be prone to a security restriction bypass vulnerability. Although unconfirmed, it is likely that this issue results from an access validation error.

It is reported that this issue arises in the comment system of the application. A remote attacker may delete or approve comments on a site, adversely affecting the availability or integrity of data. Note that the comment functionality must be enabled for this issue to arise.

NewsBruiser 2.6.0 and prior versions are affected by this issue.

Affected Products:

  • NewsBruiser NewsBruiser 2.0.0
  • NewsBruiser NewsBruiser 2.1.0
  • NewsBruiser NewsBruiser 2.2.0
  • NewsBruiser NewsBruiser 2.3.0
  • NewsBruiser NewsBruiser 2.4.0
  • NewsBruiser NewsBruiser 2.4.1
  • NewsBruiser NewsBruiser 2.5.0
  • NewsBruiser NewsBruiser 2.6.0
