FreeBSD VuXML ID: CDC4FF0E-D736-11E1-8221-E0CB4E266481
Jul 25, 2012 - 12:00 a.m.

p5-RT-Authen-ExternalAuth -- privilege escalation

2012-07-25 00:00:00
vuxml.freebsd.org

CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS: 0.003 Low
Percentile: 71.9%

The RT development team reports:

RT::Authen::ExternalAuth 0.10 and below (for all versions
of RT) are vulnerable to an escalation of privilege attack
where the URL of a RSS feed of the user can be used to
acquire a fully logged-in session as that user.
CVE-2012-2770 has been assigned to this vulnerability.
Users of RT 3.8.2 and above should upgrade to
RT::Authen::ExternalAuth 0.11, which resolves this
vulnerability.

OS | Version | Architecture | Package | Version | Filename
FreeBSD | any | noarch | p5-rt-authen-externalauth | < 0.11 | UNKNOWN
