CPANSA-MT-2012-0317: MT vulnerability
Publisher | giterlizzi
Document category | csaf_security_advisory
Initial release date | 2012-03-03T00:00:00
Engine | CSAF Perl Toolkit 0.25
Current release date | 2012-03-03T00:00:00
Build Date |
Current version | 1
Status | final
CVSS v3.1 Base Score |
Severity |
Original language |
Language | en
Also referred to |
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script.
Vulnerabilities
CVE-2012-0317
Weakness | CWE-352: Cross-Site Request Forgery (CSRF)
Product status
Known affected
Product | CVSS Version | CVSS Vector | CVSS Base Score | CVSS Base Severity
MT less than 4.38 | 2.0 | AV:N/AC:M/Au:N/C:P/I:P/A:P | 6.8 | Medium
MT greater than or equal 5 and less than 5.07 | 2.0 | AV:N/AC:M/Au:N/C:P/I:P/A:P | 6.8 | Medium
MT greater than or equal 5.10 and less than 5.13 | 2.0 | AV:N/AC:M/Au:N/C:P/I:P/A:P | 6.8 | Medium
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
Revision history
Version | Date of the revision | Summary of the revision
1 | Sat Mar 3 00:00:00 2012 | First release
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/