Input validation error in pebble - CVE-2012-5170
Published: November 4, 2012 / Updated: August 11, 2020
Vulnerability identifier: #VU43365
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2012-5170
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: cockroachdb
Affected software:
pebble
pebble
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Open redirect vulnerability in Pebble before 2.6.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
How to mitigate CVE-2012-5170
Install update from vendor's website.