CVE-2012-2405

critical

Published 2012-04-22 · Modified 2026-04-29

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2

Application impact

Vendor	Product	Versions
maian	gallery	`2.3`
maian	gallery	`2.3.1`
menalto	gallery	`2.2.6`
maian	gallery	`3.0`
maian	gallery	`3.0.1`
maian	gallery	`3.0.2`

References

http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2
https://bugzilla.redhat.com/show_bug.cgi?id=812045
https://exchange.xforce.ibmcloud.com/vulnerabilities/75201
http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2
https://bugzilla.redhat.com/show_bug.cgi?id=812045
https://exchange.xforce.ibmcloud.com/vulnerabilities/75201

CWEs

CWE-310

Verify integrity in audit chain (admin only). AS-IS.