CVE-2016-0720

CWE-352Cross-Site Request Forgery (CSRF)8 documents7 sources
Severity
8.8HIGH
EPSS
0.3%
top 48.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Clusterlabs PCSFedoraproject FedoraRedhat Enterprise Linux
Timeline
PublishedApr 21
Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

Debianpcs< 0.9.149-1+3
NVDclusterlabs/pcs0.9.148

Also affects: Fedora 22, 23, Enterprise Linux 7.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-ww6q-37hf-xhwr: Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 02022-05-17
CVEList
CVE-2016-0720: Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 02017-04-21
OSV
CVE-2016-0720: Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 02017-04-21

📋Vendor Advisories

2
Red Hat
pcs: Cross-Site Request Forgery in web UI2016-02-16
Debian
CVE-2016-0720: pcs - Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9...2016

💬Community

2
Bugzilla
CVE-2016-0720 CVE-2016-0721 pcs: various flaws [fedora-all]2016-02-16
Bugzilla
CVE-2016-0720 pcs: Cross-Site Request Forgery in web UI2016-01-18
CVE-2016-0720 (HIGH CVSS 8.8) | Cross-site request forgery (CSRF) v | cvebase.io