CVE-2012-2770

The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
mike_peacheyauthen\
𝑥
≤ 0.08
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rt-authen-externalauth
zesty
dne
yakkety
not-affected
xenial
not-affected
wily
ignored
vivid
ignored
utopic
ignored
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
dne
oneiric
dne
natty
dne
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html
http://secunia.com/advisories/50060
http://www.securityfocus.com/bid/54681
https://exchange.xforce.ibmcloud.com/vulnerabilities/77213
http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html
http://secunia.com/advisories/50060
http://www.securityfocus.com/bid/54681
https://exchange.xforce.ibmcloud.com/vulnerabilities/77213