CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

Percentile: 39.7%

Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before
1.53 and 1.6 before 1.61 allows remote attackers to hijack the
authentication of unspecified victims via unknown vectors.
Author | Note |
---|---|
jdstrand | 8.04 LTS does not provide a web interface. 9.04 switched HTTP implementations from shttpd to evhttpd. As a result, the upstream patch is not valid on 8.10 and a new patch needs to be written from scratch. The web interface in 8.10 is considered beta and is disabled by default. The web interface must be enabled and the user must be tricked into navigating his/her browser to a malicious site while Transmission is running. |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 9.04 | noarch | transmission | < 1.51-0ubuntu3.1 | UNKNOWN |