CVE-2020-10771
Published: 2021-06-02
Priority: P429 · Severity: high · CVSS 3.1 base score: 7.1
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
EPSS: 0.45% (35.5th percentile)
A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| infinispan | infinispan-server-rest | — | — |
| redhat | data_grid | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:P |
| vendor_redhat | — | 7.1 | HIGH | — |
Red Hat
infinispan-server-rest: Actions with effects should not be permitted via GET requests using REST API
vendor_redhat·2020-06-04·CVSS 7.1
CVE-2020-10771 [HIGH] CWE-352
A flaw was found in infinispan-server-rest version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack.
Package: infinispan-rest (Red Hat Fuse 7) - Not affected
Package: infinispan-rest (Red Hat JBoss Data Grid 7) - Not affected
Package: infinispan-rest (Red Hat JBoss Data Virtualization 6) - Not affected
Package: infinispan-rest (Red
GHSA
GHSA-84m7-cxq5-q9xc: A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests
ghsa_unreviewed·2022-05-24
CVE-2020-10771 [HIGH] CWE-352
No detection rules found.
No public exploits indexed.