CVE-2013-4405 — Cross-Site Request Forgery in Redhat Enterprise MRG

CWE-352 — Cross-Site Request Forgery5 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 67.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise MRG

Timeline

PublishedDec 23

Latest updateMay 13

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDredhat/enterprise_mrg2.4

🔴Vulnerability Details

GHSA

GHSA-gpp7-2xpg-h4f8: Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2↗2022-05-13

▶

CVEList

CVE-2013-4405: Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2↗2013-12-23

▶

📋Vendor Advisories

Red Hat

cumin: CSRF protection does not work↗2013-12-17

▶

💬Community

Bugzilla

CVE-2013-4405 cumin: CSRF protection does not work↗2013-08-19

▶