The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.8%