Описание
Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise MRG 1 | cumin | Will not fix | ||
| MRG for RHEL-5 v. 2 | condor | Fixed | RHSA-2012:1278 | 19.09.2012 |
| MRG for RHEL-5 v. 2 | condor-wallaby | Fixed | RHSA-2012:1278 | 19.09.2012 |
| MRG for RHEL-5 v. 2 | condor-wallaby-base-db | Fixed | RHSA-2012:1278 | 19.09.2012 |
| MRG for RHEL-5 v. 2 | cumin | Fixed | RHSA-2012:1278 | 19.09.2012 |
| MRG for RHEL-5 v. 2 | sesame | Fixed | RHSA-2012:1278 | 19.09.2012 |
| MRG for RHEL-5 v. 2 | wallaby | Fixed | RHSA-2012:1278 | 19.09.2012 |
| Red Hat Enterprise MRG 2 | condor | Fixed | RHSA-2012:1281 | 19.09.2012 |
| Red Hat Enterprise MRG 2 | condor-wallaby | Fixed | RHSA-2012:1281 | 19.09.2012 |
| Red Hat Enterprise MRG 2 | condor-wallaby-base-db | Fixed | RHSA-2012:1281 | 19.09.2012 |
Показывать по
Дополнительная информация
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors.
Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors.
EPSS
4.3 Medium
CVSS2