CVE-2013-7222
Published 2014-01-02
Priority: P4 24
CVSS 2.0: 5.0 (medium), vector AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS: 2.42% (82.1th percentile)
config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code.
Affected (11 ranges, 9 of them without version data)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fatfreecrm | fat_free_crm | <= 0.12.0 | — |
| fatfreecrm | fat_free_crm | >= 0 < 0.12.1 | 0.12.1 |
GHSA (2022-05-17)
CVE-2013-7222 [MEDIUM] CWE-330 Fat Free CRM has fixed token value
`config/initializers/secret_token.rb` in Fat Free CRM before 0.12.1 has a fixed `FatFreeCRM::Application.config.secret_token` value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code.
OSV (2022-05-17)
CVE-2013-7222 [MEDIUM] Fat Free CRM has fixed token value
`config/initializers/secret_token.rb` in Fat Free CRM before 0.12.1 has a fixed `FatFreeCRM::Application.config.secret_token` value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- http://openwall.com/lists/oss-security/2013/12/28/2
- http://seclists.org/fulldisclosure/2013/Dec/199
- http://www.phenoelit.org/stuff/ffcrm.txt
- https://github.com/fatfreecrm/fat_free_crm/commit/93c182dd4c6f3620b721d2a15ba6a6ecab5669df
- https://github.com/fatfreecrm/fat_free_crm/issues/300
- https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29