CVE-2013-0214 — Cross-Site Request Forgery in Samba

CWE-352 — Cross-Site Request Forgery11 documents8 sources

Severity

5.1MEDIUMNVD

EPSS

4.9%

top 10.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedFeb 2

Latest updateMay 5

Description

Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/samba< samba 2:3.6.6-5 (bookworm)

▶Debiansamba/samba< 2:3.6.6-5+3

▶Ubuntusamba/samba< 2:4.1.6+dfsg-1ubuntu2.14.04.13

▶NVDsamba/samba140 versions+139

🔴Vulnerability Details

GHSA

GHSA-h9pm-h729-wj6q: Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3↗2022-05-05

▶

OSV

samba vulnerabilities↗2016-03-08

▶

OSV

CVE-2013-0214: Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3↗2013-02-02

▶

📋Vendor Advisories

CISA ICS

Omron NS Series HMI Vulnerabilities↗2019-01-31

▶

Ubuntu

Samba vulnerabilities↗2016-03-08

▶

Red Hat

samba: cross-site request forgery vulnerability in SWAT↗2013-01-30

▶

Debian

CVE-2013-0214: samba - Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration ...↗2013

▶

💬Community

Bugzilla

CVE-2013-0213 CVE-2013-0214 samba various flaws [fedora-all]↗2013-01-30

▶

Bugzilla

CVE-2013-0213 CVE-2013-0214 samba4 various flaws [fedora-17]↗2013-01-30

▶

Bugzilla

CVE-2013-0214 samba: cross-site request forgery vulnerability in SWAT↗2013-01-30

▶