Executive Summary

Information
Name: CVE-2012-2055
First vendor Publication: 2012-04-05
Vendor: Cve
Last vendor Modification: 2012-04-09

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score: 5
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2055

CWE : Common Weakness Enumeration

id | Name
CWE-255 | Credentials Management

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 1

Internal Sources (Detail)

Source | Url
CONFIRM | https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation
MISC | http://homakov.blogspot.com/2012/03/how-to.html
     | http://lwn.net/Articles/488702/

Alert History

Date | Information
2013-05-10 22:38:11 | Multiple Updates