CVE-2013-0196 — Cross-Site Request Forgery in Enterprise

CWE-352 — Cross-Site Request Forgery6 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 70.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openshift Enterprise Redhat Openshift

Timeline

PublishedDec 30

Latest updateMay 5

Description

A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5openshift/openshift_enterprise1.2

▶NVDredhat/openshift1.2

🔴Vulnerability Details

GHSA

GHSA-2w57-4v2r-38c4: A CSRF issue was found in OpenShift Enterprise 1↗2022-05-05

▶

CVEList

CVE-2013-0196: A CSRF issue was found in OpenShift Enterprise 1↗2019-12-30

▶

📋Vendor Advisories

Red Hat

OpenShift Enterprise and Online vulnerable to CSRF attack with REST API↗2014-09-05

▶

Red Hat

kernel: pty layer race condition leading to memory corruption↗2014-05-01

▶

💬Community

Bugzilla

CVE-2013-0196 OpenShift Enterprise and Online vulnerable to CSRF attack with REST API↗2013-01-18

▶