VDB
CVE-2007-2233
CVE-2007-2233
PUBLISHED
CVSS 6.5 MEDIUM
cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username.
EPSS 5.05% · 89.9th percentile
Risk Scores
CVSS v2.0
6.5
EPSS Score
5.05%
89.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cosign | cosign | 1.8.5, 0.7.0, 0.8.0 |
| n/a | n/a | n/a |
Timeline
- Apr 25, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- May 24, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
- Sep 6, 2023 EPSS Score
References
- 20070411 Cosign SSO Authentication Bypass mailing-list
- 24845 third-party-advisory
- ADV-2007-1359 vdb
- http://www.umich.edu/~umweb/software/cosign/cosign-vuln-2007-002.txt url
- https://nvd.nist.gov/vuln/detail/CVE-2007-2233 advisory