[cisco-voip] Bug Search Code Injection

Brian Meade bmeade90 at vt.edu
Wed Aug 28 12:36:35 EDT 2019


I would keep pushing this.  There is an internal review process for bug
release notes but clearly they failed here.  That should not be the only
thing keeping Cisco employees from potentially putting malicious code in
bug notes.  The reviewers probably wouldn't even be able to tell what is
malicious and what isn't.

On Wed, Aug 28, 2019 at 10:42 AM Anthony Holloway <
avholloway+cisco-voip at gmail.com> wrote:

> Here is the response I got back after Cisco looked into my report:
>
> *"And as CDETS is not accessible to external users no malicious code can
> be entered and internal users will not enter any malicious code."*
>
>
> On Thu, Aug 22, 2019 at 10:02 AM Anthony Holloway <
> avholloway+cisco-voip at gmail.com> wrote:
>
>> FWIW I submitted feedback via the website and have already been contacted
>> by someone on the Bug Search Tool team stating they're looking into it.
>>
>> On Tue, Aug 20, 2019 at 9:35 AM Anthony Holloway <
>> avholloway+cisco-voip at gmail.com> wrote:
>>
>>> Looks like I stumbled across some code injection on the following defect
>>> page:
>>>
>>> https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq27976
>>>
>>> It's innocent enough, but concerning that it's even possible.
>>>