CVE-2011-3636

Severity
6.8 MEDIUM
EPSS
0.2%
top 63.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 8
Latest update: May 17

Description

Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages: 1 package

NVD: redhat/freeipa 2.1.3 +15

🔴Vulnerability Details

2
GHSA
GHSA-62x7-6pjw-j8fh: Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2 (2022-05-17)
CVEList
CVE-2011-3636: Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2 (2011-12-08)

📋Vendor Advisories

1
Red Hat
FreeIPA: CSRF vulnerability (2011-12-06)

💬Community

2
Bugzilla
CVE-2011-3636 FreeIPA: CSRF vulnerability (2011-10-20)
Bugzilla
flash-plugin: security bulletin APSB10-26 (2010-11-04)