PT-2023-10262 · Harrystech · Harrystech Dynosaur-Rails
11Harrystech
·
Published
2023-02-21
·
Updated
2024-05-17
·
CVE-2015-10083
CVSS v2.0
5.8
Medium
| Vector | AV:A/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
harrystech Dynosaur-Rails (affected versions not specified)
Description
A critical vulnerability has been found in harrystech Dynosaur-Rails, affecting the
basic auth function of the file app/controllers/application controller.rb. The manipulation leads to improper authentication.Recommendations
Apply the patch 04b223813f0e336aab50bff140d0f5889c31dbec to fix this issue. As a temporary workaround, consider disabling the
basic auth function until the patch is applied.Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Harrystech Dynosaur-Rails