CVE-2012-2770

EUVD-2012-2750
The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
mike_peacheyauthen\
𝑥
≤ 0.08
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rt-authen-externalauth
hardy
dne
lucid
dne
natty
dne
oneiric
dne
precise
dne
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
utopic
ignored
vivid
ignored
wily
ignored
xenial
not-affected
yakkety
not-affected
zesty
dne
Common Weakness Enumeration
References
http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html
http://secunia.com/advisories/50060
http://www.securityfocus.com/bid/54681
https://exchange.xforce.ibmcloud.com/vulnerabilities/77213
http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html
http://secunia.com/advisories/50060
http://www.securityfocus.com/bid/54681
https://exchange.xforce.ibmcloud.com/vulnerabilities/77213