CVE-2013-0196

Published: Dec 30, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.

Affected (1)

Products: Redhat: Openshift

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Redhat Openshift	Version 1.2

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 6.0

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://access.redhat.com/security/cve/cve-2013-0196

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196

Source: secalert@redhat.com

ExploitIssue TrackingThird Party Advisory

https://access.redhat.com/security/cve/cve-2013-0196

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.