Description
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.
A Cross-Site Request Forgery (CSRF) flaw was found in the pcsd web UI. A remote attacker could provide a specially crafted web page that, when visited by a user with a valid pcsd session, would allow the attacker to trigger requests on behalf of the user, for example removing resources or restarting/removing nodes.
Statement
This issue is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6, as the web UI functionality is disabled by default in pcsd.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | pcs | Will not fix | | |
| Red Hat Enterprise Linux 7 | pcs | Fixed | RHSA-2016:2596 | 03.11.2016 |
Additional information
Status:
CVSS2: 4.3 Medium