The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the URL of a RSS feed of the user.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Authen::externalauth | Mike_peachey | * | 0.08 (including) |
Authen::externalauth | Mike_peachey | 0.05 (including) | 0.05 (including) |