Vulnerability Details : CVE-2012-5622
Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2012-5622
- cpe:2.3:a:redhat:openshift:0.0.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-5622
EPSS score: 0.16% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~34% (the proportion of vulnerabilities that are scored at or below this one)
CVSS scores for CVE-2012-5622
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2012-5622
- The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. (Assigned by: nvd@nist.gov (Primary))
References for CVE-2012-5622
- https://github.com/openshift/origin-server/pull/1009 (BZ878754 No CSRF attack protection in console by calfonso · Pull Request #1009 · openshift/origin-server · GitHub)
- http://rhn.redhat.com/errata/RHSA-2012-1555.html (RHSA-2012:1555 - Security Advisory - Red Hat Customer Portal; Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=883227 (883227 – (CVE-2012-5622) CVE-2012-5622 openshift-console: CSRF attack)
- http://osvdb.org/88333
- https://github.com/openshift/origin-server/commit/1ad0d1d792395306b59a34ad7b6e7e89a35d041e (BZ878754 No CSRF attack protection in console · openshift/origin-server@1ad0d1d · GitHub; Patch)