CVE-2014-0594

EPSS 0.13%
Veröffentlicht 08.06.2018 17:29:00
Zuletzt bearbeitet 21.11.2024 02:02:27
Quelle security@opentext.com
CVE-Watchlists
Login
Unerledigt
Login

CSRF protection incorrectly disabled

In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opensuse ≫ Open Build Service Version < 2.4.6

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.336

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
security@opentext.com	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://bugzilla.suse.com/show_bug.cgi?id=870606

https://github.com/openSUSE/open-build-service/commit/2188c059b67b82171d0e28ef59f77e62d22a09d8

https://nvd.nist.gov/vuln/detail/CVE-2014-0594

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0594

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0594

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2014-0594