PT-2012-4741 · Ushahidi · Ushahidi Platform

Dennison Williams +1 · Published 2012-08-12 · Updated 2012-08-13 · CVE-2012-3472

CVSS v2.0

6.4 Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Ushahidi Platform versions prior to 2.5

Description

The issue concerns the email API in the Ushahidi Platform, which does not require authentication. This allows remote attackers to list, delete, or organize messages via a GET request to the API endpoint.

Recommendations

For versions prior to 2.5, consider requiring authentication for the email API to prevent unauthorized access. As a temporary workaround, restrict access to the email API endpoint to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2012-3472

Affected Products

Ushahidi Platform