CVE-2013-7222

2014-01-0214:59:04

CWE-310

mitre

web.nvd.nist.gov

cve-2013-7222

nvd

security

vulnerability

fat free crm

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.006

Percentile

79.0%

JSON

config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code.

Affected configurations

Nvd

Node

fatfreecrmfat_free_crmRange≤0.12.0

fatfreecrmfat_free_crmMatch0.9.6

fatfreecrmfat_free_crmMatch0.9.7

fatfreecrmfat_free_crmMatch0.9.8

fatfreecrmfat_free_crmMatch0.9.9

fatfreecrmfat_free_crmMatch0.9.10

fatfreecrmfat_free_crmMatch0.10.1

fatfreecrmfat_free_crmMatch0.11.0

fatfreecrmfat_free_crmMatch0.11.1

fatfreecrmfat_free_crmMatch0.11.2

VendorProductVersionCPE
fatfreecrmfat_free_crm*cpe:2.3:a:fatfreecrm:fat_free_crm:*:*:*:*:*:*:*:*
fatfreecrmfat_free_crm0.9.6cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.6:*:*:*:*:*:*:*
fatfreecrmfat_free_crm0.9.7cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.7:*:*:*:*:*:*:*
fatfreecrmfat_free_crm0.9.8cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.8:*:*:*:*:*:*:*
fatfreecrmfat_free_crm0.9.9cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.9:*:*:*:*:*:*:*
fatfreecrmfat_free_crm0.9.10cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.10:*:*:*:*:*:*:*
fatfreecrmfat_free_crm0.10.1cpe:2.3:a:fatfreecrm:fat_free_crm:0.10.1:*:*:*:*:*:*:*
fatfreecrmfat_free_crm0.11.0cpe:2.3:a:fatfreecrm:fat_free_crm:0.11.0:*:*:*:*:*:*:*
fatfreecrmfat_free_crm0.11.1cpe:2.3:a:fatfreecrm:fat_free_crm:0.11.1:*:*:*:*:*:*:*
fatfreecrmfat_free_crm0.11.2cpe:2.3:a:fatfreecrm:fat_free_crm:0.11.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fatfreecrm	fat_free_crm	*	cpe:2.3:a:fatfreecrm:fat_free_crm::::::::
fatfreecrm	fat_free_crm	0.9.6	cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.6:::::::*
fatfreecrm	fat_free_crm	0.9.7	cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.7:::::::*
fatfreecrm	fat_free_crm	0.9.8	cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.8:::::::*
fatfreecrm	fat_free_crm	0.9.9	cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.9:::::::*
fatfreecrm	fat_free_crm	0.9.10	cpe:2.3:a:fatfreecrm:fat_free_crm:0.9.10:::::::*
fatfreecrm	fat_free_crm	0.10.1	cpe:2.3:a:fatfreecrm:fat_free_crm:0.10.1:::::::*
fatfreecrm	fat_free_crm	0.11.0	cpe:2.3:a:fatfreecrm:fat_free_crm:0.11.0:::::::*
fatfreecrm	fat_free_crm	0.11.1	cpe:2.3:a:fatfreecrm:fat_free_crm:0.11.1:::::::*
fatfreecrm	fat_free_crm	0.11.2	cpe:2.3:a:fatfreecrm:fat_free_crm:0.11.2:::::::*