CVE-2013-0196
N/A
N/A
Summary
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OpenShift | OpenShift Enterprise | 1.2 | affected |
Weaknesses
- Cross-Site Request Forgery
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196
- https://access.redhat.com/security/cve/cve-2013-0196
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196
- https://access.redhat.com/security/cve/cve-2013-0196
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.