AVG-1684 log

Package tt-rss
Status Not affected
Severity High
Type authentication bypass
Affected 2:r10198.6d8f2221b-2
Fixed 2:r10820.4e81233ac-1
Current 2:r11707.373a2fec3-1 [extra]
Ticket None
Created Sun Mar 14 08:21:15 2021
Issue Severity Remote Type Description
CVE-2021-28373 High Yes Authentication bypass
The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this...