Lucene search

RedhatCVE-2012-3474

HistoryAug 12, 2012 - 9:55 p.m.

CVE-2012-3474

2012-08-1221:55:01

CWE-200

redhat

web.nvd.nist.gov

ushahidi platform

vulnerability

remote attackers

api

sensitive information

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.004

Percentile

75.4%

JSON

The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function call.

Affected configurations

Nvd

Node

ushahidiushahidi_platformRange≤2.4.1

ushahidiushahidi_platformMatch1.0

ushahidiushahidi_platformMatch1.2

ushahidiushahidi_platformMatch2.0

ushahidiushahidi_platformMatch2.1

ushahidiushahidi_platformMatch2.2

ushahidiushahidi_platformMatch2.2.1

ushahidiushahidi_platformMatch2.3.1

ushahidiushahidi_platformMatch2.3.2

ushahidiushahidi_platformMatch2.4

VendorProductVersionCPE
ushahidiushahidi_platform*cpe:2.3:a:ushahidi:ushahidi_platform:*:*:*:*:*:*:*:*
ushahidiushahidi_platform1.0cpe:2.3:a:ushahidi:ushahidi_platform:1.0:*:*:*:*:*:*:*
ushahidiushahidi_platform1.2cpe:2.3:a:ushahidi:ushahidi_platform:1.2:*:*:*:*:*:*:*
ushahidiushahidi_platform2.0cpe:2.3:a:ushahidi:ushahidi_platform:2.0:*:*:*:*:*:*:*
ushahidiushahidi_platform2.1cpe:2.3:a:ushahidi:ushahidi_platform:2.1:*:*:*:*:*:*:*
ushahidiushahidi_platform2.2cpe:2.3:a:ushahidi:ushahidi_platform:2.2:*:*:*:*:*:*:*
ushahidiushahidi_platform2.2.1cpe:2.3:a:ushahidi:ushahidi_platform:2.2.1:*:*:*:*:*:*:*
ushahidiushahidi_platform2.3.1cpe:2.3:a:ushahidi:ushahidi_platform:2.3.1:*:*:*:*:*:*:*
ushahidiushahidi_platform2.3.2cpe:2.3:a:ushahidi:ushahidi_platform:2.3.2:*:*:*:*:*:*:*
ushahidiushahidi_platform2.4cpe:2.3:a:ushahidi:ushahidi_platform:2.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ushahidi	ushahidi_platform	*	cpe:2.3:a:ushahidi:ushahidi_platform::::::::
ushahidi	ushahidi_platform	1.0	cpe:2.3:a:ushahidi:ushahidi_platform:1.0:::::::*
ushahidi	ushahidi_platform	1.2	cpe:2.3:a:ushahidi:ushahidi_platform:1.2:::::::*
ushahidi	ushahidi_platform	2.0	cpe:2.3:a:ushahidi:ushahidi_platform:2.0:::::::*
ushahidi	ushahidi_platform	2.1	cpe:2.3:a:ushahidi:ushahidi_platform:2.1:::::::*
ushahidi	ushahidi_platform	2.2	cpe:2.3:a:ushahidi:ushahidi_platform:2.2:::::::*
ushahidi	ushahidi_platform	2.2.1	cpe:2.3:a:ushahidi:ushahidi_platform:2.2.1:::::::*
ushahidi	ushahidi_platform	2.3.1	cpe:2.3:a:ushahidi:ushahidi_platform:2.3.1:::::::*
ushahidi	ushahidi_platform	2.3.2	cpe:2.3:a:ushahidi:ushahidi_platform:2.3.2:::::::*
ushahidi	ushahidi_platform	2.4	cpe:2.3:a:ushahidi:ushahidi_platform:2.4:::::::*

References

openwall.com/lists/oss-security/2012/08/09/5

github.com/ushahidi/Ushahidi_Web/commit/529f353

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.004

Percentile

75.4%

JSON

Related for CVE-2012-3474