Lucene search

[email protected]NVD:CVE-2006-3398

HistoryJul 06, 2006 - 8:05 p.m.

CVE-2006-3398

2006-07-0620:05:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.006

Percentile

79.1%

JSON

The “change password forms” in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor.

Affected configurations

Nvd

Node

pkr_internettaskjitsuMatch0.1

pkr_internettaskjitsuMatch2.0

VendorProductVersionCPE
pkr_internettaskjitsu0.1cpe:2.3:a:pkr_internet:taskjitsu:0.1:*:*:*:*:*:*:*
pkr_internettaskjitsu2.0cpe:2.3:a:pkr_internet:taskjitsu:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pkr_internet	taskjitsu	0.1	cpe:2.3:a:pkr_internet:taskjitsu:0.1:::::::*
pkr_internet	taskjitsu	2.0	cpe:2.3:a:pkr_internet:taskjitsu:2.0:::::::*

References

www.pkrinternet.com/download/RELEASE-NOTES.txt

www.vupen.com/english/advisories/2006/2660

www.pkrinternet.com/taskjitsu/task/3400

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.006

Percentile

79.1%

JSON

Related for NVD:CVE-2006-3398

cvelist1 cve1