CVE number
JaneX8 opened this issue · comments
Hello,
I'm wondering why this vulnerability isn't submitted to the CVE database. Under CPE cpe:/a:codeigniter:codeigniter
http://www.cvedetails.com/vulnerability-list/vendor_id-6918/Codeigniter.html
Can I help you submitting this to the CVE database?
Greetings!
I believe that a CVE has already been allocated for this issue (CVE-2014-8686) - although this currently shows up as reserved on MITRE's site.
I don't think this was assigned when the vuln was originally reported to EllisLab - but this was around the time when the ownership of CodeIgniter was changing, so it's possible that the requests got lost at that point.
BeyondBinary wrote an advisory earlier this year about an issue on Seagate NASs, and he references that CVE in that advisory, so MITRE are definitely aware of this issue - but quite why the CVE details aren't public I don't know. If you're in contact with someone at MITRE they may be able to shed some light onto this.
Thanks,
~rbsec