tt-rss

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Web-based news feed (RSS/Atom) aggregator
Version 2:r10970.36e174750-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1684 2:r10198.6d8f2221b-2 2:r10820.4e81233ac-1 High Not affected
Issue Group Severity Remote Type Description
CVE-2021-28373 AVG-1684 High Yes Authentication bypass
The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this...