Security Advisory

CVE-2013-6404

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2013-12-09 11:00:00
Last updated 2024-08-06 17:39:01
Assigner redhat
State PUBLISHED

Description

Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/.