7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.025 Low
EPSS
Percentile
89.9%
Trac is a wiki and issue tracking system for software development projects.
Trac allows users to perform certain tasks via HTTP requests without performing correct validation on those requests.
An attacker could entice an authenticated user to browse to a specially crafted URL, allowing the attacker to execute actions in the Trac instance as if they were the user.
There is no known workaround at this time.
All Trac users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/trac-0.10.1"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | www-apps/trac | < 0.10.1 | UNKNOWN |