Metric | Value |
---|---|
CVSS2 score | 5 Medium |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
CVSS2 vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
EPSS | 0.003 Low |
EPSS percentile | 71.9% |

The RT development team reports:
RT::Authen::ExternalAuth 0.10 and below (for all versions
of RT) are vulnerable to an escalation of privilege attack
where the URL of an RSS feed of the user can be used to
acquire a fully logged-in session as that user.
CVE-2012-2770 has been assigned to this vulnerability.
Users of RT 3.8.2 and above should upgrade to
RT::Authen::ExternalAuth 0.11, which resolves this
vulnerability.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | p5-rt-authen-externalauth | < 0.11 | UNKNOWN |