exploitDog

CVE-2014-3590

Published: 08 Aug 2014
Source: redhat
CVSS2: 4.3
EPSS: Low

Description

Versions of Foreman as shipped with Red Hat Satellite 6 do not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.

Report

This issue affects the versions of Foreman as shipped with Red Hat Satellite 6. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Additional information

Status:

Low
Defect:
CWE-352
https://bugzilla.redhat.com/show_bug.cgi?id=1128108
rhn_satellite_6: cross-site request forgery (CSRF) can force logout

EPSS

Percentile: 32%
0.0012
Low

4.3 Medium

CVSS2

Related vulnerabilities

CVSS3: 6.5
nvd
more than 5 years ago

Versions of Foreman as shipped with Red Hat Satellite 6 do not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.

CVSS3: 6.5
debian
more than 5 years ago

Versions of Foreman as shipped with Red Hat Satellite 6 do not check ...

github
about 3 years ago

Versions of Foreman as shipped with Red Hat Satellite 6 do not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.
