CVE-2012-3473

The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
ushahidiushahidi_platform
𝑥
≤ 2.4.1
ushahidiushahidi_platform
1.0
ushahidiushahidi_platform
1.2
ushahidiushahidi_platform
2.0
ushahidiushahidi_platform
2.1
ushahidiushahidi_platform
2.2
ushahidiushahidi_platform
2.2.1
ushahidiushahidi_platform
2.3.1
ushahidiushahidi_platform
2.3.2
ushahidiushahidi_platform
2.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://openwall.com/lists/oss-security/2012/08/09/5
https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4
https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad
http://openwall.com/lists/oss-security/2012/08/09/5
https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4
https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad