This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
The RT development team reports :
RT::Authen::ExternalAuth 0.10 and below (for all versions of RT) are
vulnerable to an escalation of privilege attack where the URL of a RSS
feed of the user can be used to acquire a fully logged-in session as
that user. CVE-2012-2770 has been assigned to this vulnerability.
Users of RT 3.8.2 and above should upgrade to RT::Authen::ExternalAuth
0.11, which resolves this vulnerability.
See also :
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 5.0