Description
TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/Betterment/test_track/releases/tag/v1.0.1
Scores
CVSS v3
7.5
EPSS
0.0181
EPSS Percentile
75.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-287
Status
published
Products (1)
betterment/testtrack
< 1.0
Published
Jul 17, 2017
Tracked Since
Feb 18, 2026