Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200612-14] Trac: Cross-site request forgery Vulnerability Scan
Vulnerability Scan Summary
Trac: Cross-site request forgery
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200612-14
(Trac: Cross-site request forgery).
Trac allows users to perform certain tasks via HTTP requests without
performing correct validation on those requests.
An attacker could entice an authenticated user to browse to a specially
crafted URL, allowing the attacker to execute actions in the Trac
instance as if they were the user.
There is no known workaround at this time.
All Trac users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/trac-0.10.1"
Threat Level: Low