CVE-2012-3473

EUVD-2012-3429
The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
ushahidiushahidi_platform
𝑥
≤ 2.4.1
ushahidiushahidi_platform
1.0
ushahidiushahidi_platform
1.2
ushahidiushahidi_platform
2.0
ushahidiushahidi_platform
2.1
ushahidiushahidi_platform
2.2
ushahidiushahidi_platform
2.2.1
ushahidiushahidi_platform
2.3.1
ushahidiushahidi_platform
2.3.2
ushahidiushahidi_platform
2.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://openwall.com/lists/oss-security/2012/08/09/5
https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4
https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad
http://openwall.com/lists/oss-security/2012/08/09/5
https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4
https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad