CVE-2013-7222

2014-01-0214:59:04

CWE-310

[email protected]

web.nvd.nist.gov

cve-2013-7222

nvd

security

vulnerability

fat free crm

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.8%

JSON

config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code.

Affected configurations

NVD

Node

fatfreecrmfat_free_crmRange≤0.12.0

fatfreecrmfat_free_crmMatch0.9.6

fatfreecrmfat_free_crmMatch0.9.7

fatfreecrmfat_free_crmMatch0.9.8

fatfreecrmfat_free_crmMatch0.9.9

fatfreecrmfat_free_crmMatch0.9.10

fatfreecrmfat_free_crmMatch0.10.1

fatfreecrmfat_free_crmMatch0.11.0

fatfreecrmfat_free_crmMatch0.11.1

fatfreecrmfat_free_crmMatch0.11.2

CPENameOperatorVersion
fatfreecrm:fat_free_crmfatfreecrm fat free crmle0.12.0
fatfreecrm:fat_free_crmfatfreecrm fat free crmeq0.9.6
fatfreecrm:fat_free_crmfatfreecrm fat free crmeq0.9.7
fatfreecrm:fat_free_crmfatfreecrm fat free crmeq0.9.8
fatfreecrm:fat_free_crmfatfreecrm fat free crmeq0.9.9
fatfreecrm:fat_free_crmfatfreecrm fat free crmeq0.9.10
fatfreecrm:fat_free_crmfatfreecrm fat free crmeq0.10.1
fatfreecrm:fat_free_crmfatfreecrm fat free crmeq0.11.0
fatfreecrm:fat_free_crmfatfreecrm fat free crmeq0.11.1
fatfreecrm:fat_free_crmfatfreecrm fat free crmeq0.11.2

CPE	Name	Operator	Version
fatfreecrm:fat_free_crm	fatfreecrm fat free crm	le	0.12.0
fatfreecrm:fat_free_crm	fatfreecrm fat free crm	eq	0.9.6
fatfreecrm:fat_free_crm	fatfreecrm fat free crm	eq	0.9.7
fatfreecrm:fat_free_crm	fatfreecrm fat free crm	eq	0.9.8
fatfreecrm:fat_free_crm	fatfreecrm fat free crm	eq	0.9.9
fatfreecrm:fat_free_crm	fatfreecrm fat free crm	eq	0.9.10
fatfreecrm:fat_free_crm	fatfreecrm fat free crm	eq	0.10.1
fatfreecrm:fat_free_crm	fatfreecrm fat free crm	eq	0.11.0
fatfreecrm:fat_free_crm	fatfreecrm fat free crm	eq	0.11.1
fatfreecrm:fat_free_crm	fatfreecrm fat free crm	eq	0.11.2