2013-05-23 15:00:00
mitre
PUBLISHED
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.