Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-10771

Опубликовано: 04 июн. 2020
Источник: redhat
CVSS3: 7.1
EPSS Низкий

Описание

A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack.

A flaw was found in infinispan-server-rest version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a Cross-site request forgery (CSRF) attack.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Fuse 7infinispan-restNot affected
Red Hat JBoss Data Grid 7infinispan-restNot affected
Red Hat JBoss Data Virtualization 6infinispan-restNot affected
Red Hat JBoss Enterprise Application Platform 6infinispan-restNot affected
Red Hat JBoss Fuse Service Works 6infinispan-restNot affected
Red Hat Data Grid 8.2.0infinispan-server-restFixedRHSA-2021:213926.05.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-352
https://bugzilla.redhat.com/show_bug.cgi?id=1846293infinispan-server-rest: Actions with effects should not be permitted via GET requests using REST API

EPSS

Процентиль: 25%
0.00085
Низкий

7.1 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2020-10771

CVSS3: 7.1
nvd
больше 4 лет назад

A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack.

github логотип

GHSA-84m7-cxq5-q9xc

github
больше 3 лет назад

A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack.

EPSS

Процентиль: 25%
0.00085
Низкий

7.1 High

CVSS3