CVE-2020-14319

Published: Aug 3, 2020Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H

Exploitability: 1.6 / Impact: 4.2

Source: NVD

Description

It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. For example authorised users using an older browser with Adobe Flash are vulnerable when targeted by an attacker. This flaw affects all versions of AMQ-Online prior to 1.5.2 and Enmasse versions 0.31.0-rc1 up until but not including 0.32.2.

Affected (2)

Products: Redhat: Amq Online, Enmasse

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Amq Online	Before 1.5.2
Redhat Enmasse	Before 0.32.2

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=1854373

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1854373

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.