6.3 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
71.9%
The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the “URL of a RSS feed of the user.”
lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html
secunia.com/advisories/50060
www.securityfocus.com/bid/54681
exchange.xforce.ibmcloud.com/vulnerabilities/77213