CVE-2019-14836

Severity
8.8 HIGH
EPSS
0.2%
top 55.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 26
Latest update: May 24

Description

A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: redhat/3scale 2.4
CVEListV5: red_hat_3scale_api_management, Red Hat 3scale API Management 2.10.0

🔴 Vulnerability Details

2
GHSA
GHSA-9wj3-35xv-c6hq: 3scale dev portal login form does not verify CSRF token, and so does not protect against login CSRF (2022-05-24)
CVEList
CVE-2019-14836: A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF (2021-05-26)

📋 Vendor Advisories

1
Red Hat
3scale: dev portal missing protection against login CSRF (2020-05-18)

💬 Community

1
Bugzilla
CVE-2019-14836 3scale: dev portal missing protection against login CSRF (2019-09-10)