// For flags

CVE-2012-2770

 

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."

La extensión Authen::ExternalAuth anterior v0.11 para (Best Practical Solutions RT) permite a atacantes obtener una sesión con acceso a través de vectores no especificados relacionados con (URL of a RSS feed of the user).

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-05-18 CVE Reserved
  • 2012-08-15 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mike Peachey
Search vendor "Mike Peachey"
 Authen::externalauth
Search vendor "Mike Peachey" for product "Authen::externalauth"
 <= 0.08
Search vendor "Mike Peachey" for product "Authen::externalauth" and version " <= 0.08"
-
Affected
in Bestpractical
Search vendor "Bestpractical"
 Rt
Search vendor "Bestpractical" for product "Rt"
--
Safe
Mike Peachey
Search vendor "Mike Peachey"
 Authen::externalauth
Search vendor "Mike Peachey" for product "Authen::externalauth"
 0.05
Search vendor "Mike Peachey" for product "Authen::externalauth" and version "0.05"
-
Affected
in Bestpractical
Search vendor "Bestpractical"
 Rt
Search vendor "Bestpractical" for product "Rt"
--
Safe