PT-2012-1050 · Debian · Extplorer

John Leitch · Published 2012-07-12 · Updated 2012-07-27 · CVE-2012-3362

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: eXtplorer versions 2.1 RC3 and earlier

Description: The issue concerns multiple vulnerabilities in the eXtplorer package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, a cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action.

Recommendations: For versions 2.1 RC3 and earlier, consider disabling the adduser admin action as a temporary workaround until a patch is available. Restrict access to administrator accounts to minimize the risk of exploitation. Avoid using the vulnerable adduser function in the affected API endpoint until the issue is resolved.


Weakness Enumeration

Related Identifiers

BDU:2015-03352
CVE-2012-3362
DSA-2510-1

Affected Products

Extplorer