Описание
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability.
Ссылки
- Third Party AdvisoryVDB Entry
- MitigationPatchVendor Advisory
- Third Party AdvisoryVDB Entry
- MitigationPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.9.0 (включая)
cpe:2.3:a:apache:brooklyn:*:*:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00186
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
Apache Brooklyn is vulnerable to cross-site request forgery (CSRF)
EPSS
Процентиль: 41%
0.00186
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352