Vulnerability Details : CVE-2013-0196
A CSRF issue was found in OpenShift Enterprise 1.2. The web console uses HTTP Basic authentication, and the REST API has no CSRF protection mechanism. This can allow an attacker to obtain the credentials (the Authorization: header) that a web browser sends when it requests the REST API.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2013-0196
- cpe:2.3:a:redhat:openshift:1.2:*:*:*:enterprise:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-0196
- EPSS score: 0.07% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~29% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2013-0196
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2013-0196
- The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2013-0196
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196 (Bug 901364: CVE-2013-0196 OpenShift Enterprise and Online vulnerable to CSRF attack with REST API; tagged Exploit, Issue Tracking, Third Party Advisory)
- https://access.redhat.com/security/cve/cve-2013-0196 (Red Hat Customer Portal; tagged Third Party Advisory)