CVE-2013-0196

Published: 05 Sep 2014
Source: redhat
CVSS2: 4.3
EPSS: Low

Description

A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.

Additional information

Status: Moderate
Defect: CWE-352
https://bugzilla.redhat.com/show_bug.cgi?id=901364 (OpenShift Enterprise and Online vulnerable to CSRF attack with REST API)

EPSS

Percentile: 30%
0.0011
Low

4.3 Medium

CVSS2

Related vulnerabilities

CVSS3: 6.5
nvd
about 6 years ago

A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.

CVSS3: 6.5
github
almost 4 years ago

A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.
