Описание
3scale dev portal login form does not verify CSRF token, and so does not protect against login CSRF.
3scale dev portal login form does not verify CSRF token, and so does not protect against login CSRF.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-14836
- https://access.redhat.com/errata/RHSA-2021:1129
- https://access.redhat.com/security/cve/CVE-2019-14836
- https://access.redhat.com/security/cve/CVE-2019-14836,
- https://bugzilla.redhat.com/show_bug.cgi?id=1750928
- https://bugzilla.redhat.com/show_bug.cgi?id=1847605
Связанные уязвимости
CVSS3: 5.4
redhat
больше 5 лет назад
A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks.
CVSS3: 8.8
nvd
больше 4 лет назад
A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks.