CVE-2013-0196
CVSS V2 Medium 4.3
CVSS V3 Medium 6.5
Description
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.
Overview
- CVE ID
- CVE-2013-0196
- Assigner
- secalert@redhat.com
- Vulnerability Status
- Modified
- Published Version
- 2019-12-30T22:15:11
- Last Modified Date
- 2023-02-13T00:27:42
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:a:redhat:openshift:1.2:*:*:*:enterprise:*:*:* | 1 | OR | ||
| cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- Access Vector
- NETWORK
- Access Compatibility
- MEDIUM
- Authentication
- NONE
- Confidentiality Impact
- NONE
- Integrity Impact
- PARTIAL
- Availability Impact
- NONE
- Base Score
- 4.3
- Severity
- MEDIUM
- Exploitability Score
- 8.6
- Impact Score
- 2.9
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- REQUIRED
- Scope
- UNCHANGED
- Confidentiality Impact
- NONE
- Availability Impact
- NONE
- Base Score
- 6.5
- Base Severity
- MEDIUM
- Exploitability Score
- 2.8
- Impact Score
- 3.6
References
| Reference URL | Reference Tags |
|---|---|
| https://access.redhat.com/errata/RHEA-2013:1031 | |
| https://access.redhat.com/security/cve/CVE-2013-0196 | |
| https://access.redhat.com/security/cve/cve-2013-0196 | Third Party Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=901364 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196 | Exploit Issue Tracking Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2013-0196 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0196 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 16:54:20 | Added to TrackCVE | |||
| 2022-12-04 08:47:26 | 2019-12-30T22:15Z | 2019-12-30T22:15:11 | CVE Published Date | updated |
| 2022-12-04 08:47:26 | 2020-01-08T17:34:03 | CVE Modified Date | updated | |
| 2022-12-04 08:47:26 | Analyzed | Vulnerability Status | updated | |
| 2023-02-02 19:09:32 | 2023-02-02T18:17:03 | CVE Modified Date | updated | |
| 2023-02-02 19:09:32 | Analyzed | Modified | Vulnerability Status | updated |
| 2023-02-02 19:09:33 | A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser. | CVE-2013-0196 OpenShift Enterprise and Online vulnerable to CSRF attack with REST API | Description | updated |
| 2023-02-02 19:09:34 | References | updated | ||
| 2023-02-13 01:09:59 | 2023-02-13T00:27:42 | CVE Modified Date | updated | |
| 2023-02-13 01:10:00 | CVE-2013-0196 OpenShift Enterprise and Online vulnerable to CSRF attack with REST API | A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser. | Description | updated |