Описание
A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:redhat:3scale:2.4:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00301
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 5.4
redhat
больше 5 лет назад
A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks.
CVSS3: 8.8
github
больше 3 лет назад
3scale dev portal login form does not verify CSRF token, and so does not protect against login CSRF.
EPSS
Процентиль: 53%
0.00301
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352