by LukasReschke 3837 days ago
> The one column at the link that has "medium" and "low" values is "complexity", which means CVSS's "access complexity". So it means there are many vulnerabilities that are easy to exploit.

I'm aware of that; I have a ton of CVE entries filed myself. I was referring to the score (https://nvd.nist.gov/cvss.cfm): anything below 7.0 is not deemed "high".

> Also CVE-2015-2213 is marked as NOT requiring authentication (along with about 7 other straight remote code execution CVEs).

CVE entries are often terribly done wrong if they are not provided by the vendor (which is what ownCloud does).

See https://core.trac.wordpress.org/changeset/33555 for the patch for CVE-2015-2213. As you can see, this is within the function "wp_untrash_post_comments", which is called by "wp_untrash_post", which only accepts user input from the WordPress admin panel.

1 comment

There are still 4 CVEs there with CVSS score > 7.0.

There's really no reason to discount bugs based on having a score < 7 though; it's a very rough measure and, as you say, not very reliable.