GitHub Advisory DatabaseGHSA-F9QV-J5G6-G5CRTrac is vulnerable to improper policy checks and missing 'raw' role check in docutils
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
78.2%
Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to (1) βpolicy checks in report results when using alternate formatsβ or (2) a βcheck for the βrawβ role that is missing in docutils < 0.6.β
Affected configurations
References
trac.edgewall.org/browser/tags/trac-0.11.6/RELEASE
bugzilla.redhat.com/show_bug.cgi?id=542394
exchange.xforce.ibmcloud.com/vulnerabilities/54983
github.com/advisories/GHSA-f9qv-j5g6-g5cr
nvd.nist.gov/vuln/detail/CVE-2009-4405
web.archive.org/web/20130417170303/secunia.com/advisories/37901
web.archive.org/web/20130513235205/secunia.com/advisories/37807
www.redhat.com/archives/fedora-package-announce/2009-December/msg01169.html
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
78.2%