cbcvebase.
CVE-2012-2760
published 2012-07-25

CVE-2012-2760: mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.

PriorityP410low2.1CVSS 2.0
AVLACLAuNCPINAN
EXPLOIT
EPSS
1.00%
58.6th percentile
mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.

Affected

8 ranges
VendorProductVersion rangeFixed in
debianlibapache2-mod-auth-openid< libapache2-mod-auth-openid 0.7-0.1 (bullseye)libapache2-mod-auth-openid 0.7-0.1 (bullseye)
findingsciencemod_auth_openid<= 0.6
findingsciencemod_auth_openid
findingsciencemod_auth_openid
findingsciencemod_auth_openid
findingsciencemod_auth_openid
findingsciencemod_auth_openid
findingsciencemod_auth_openid

CVSS provenance

nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
osv2.1LOW
vendor_debian2.1LOW
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.