CVE-2014-0594

Published: Jun 8, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.

Affected (1)

Products: Opensuse: Open Build Service

Opensuse

1 product

Open Build Service

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Open Build Service	Before 2.4.6

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://bugzilla.suse.com/show_bug.cgi?id=870606

Source: security@opentext.com

https://github.com/openSUSE/open-build-service/commit/2188c059b67b82171d0e28ef59f77e62d22a09d8

Source: security@opentext.com

https://bugzilla.suse.com/show_bug.cgi?id=870606

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/openSUSE/open-build-service/commit/2188c059b67b82171d0e28ef59f77e62d22a09d8

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.