"Security Researchers" that "find" a problem and instead of contacting the developers publish the problem on CVE sites, reserve a CVE but don't update it and generally cause havoc....
I got to know about it because a user asked when an updated version will be available that fixes the CVE...
Checking that I didn't find any info on what the actual problem should be.
In the end it seems to be something that can be exploited when one can trick an admin into sharing their session-id....
