CVE-2012-2770

critical

Description

The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/77213

http://www.securityfocus.com/bid/54681

http://secunia.com/advisories/50060

http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html

Details

Source: Mitre, NVD

Published: 2012-08-15

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics