CVE-2013-6496

CWE-200Information ExposureCWE-306Missing AuthenticationCWE-862Missing Authorization6 documents5 sources
Severity
5.0MEDIUM
EPSS
0.3%
top 51.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Conga
Timeline
PublishedOct 6
Latest updateMay 17

Description

Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDredhat/conga0.12.2

🔴Vulnerability Details

2
GHSA
GHSA-qg9g-f276-3vp4: Red Hat Conga 02022-05-17
CVEList
CVE-2013-6496: Red Hat Conga 02014-10-06

📋Vendor Advisories

1
Red Hat
conga: Multiple information leak flaws in various luci site extensions2014-09-16

💬Community

2
Bugzilla
CVE-2013-6496 conga: Multiple information leak flaws in various luci site extensions2013-06-06
Bugzilla
CVE-2012-6497 rubygem-authlogic: potential unsafe find_by_id method calls2013-01-04
CVE-2013-6496 (MEDIUM CVSS 5) | Red Hat Conga 0.12.2 allows remote | cvebase.io