Описание
A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack.
Ссылки
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:infinispan:infinispan-server-rest:10.0.0:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
EPSS
Процентиль: 25%
0.00085
Низкий
7.1 High
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-352
CWE-352
Связанные уязвимости
CVSS3: 7.1
redhat
больше 5 лет назад
A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack.
github
больше 3 лет назад
A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack.
EPSS
Процентиль: 25%
0.00085
Низкий
7.1 High
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-352
CWE-352