Lucene search

[email protected]CVE-2009-2738

HistoryOct 03, 2022 - 4:24 p.m.

CVE-2009-2738

2022-10-0316:24:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-2738

cross-site request forgery

csrf

freenas

webgui

authentication hijacking

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.6%

JSON

Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.

Affected configurations

NVD

Node

freenasfreenasRange≤0.69.2

freenasfreenasMatch0.69.1

CPENameOperatorVersion
freenas:freenasfreenasle0.69.2
freenas:freenasfreenaseq0.69.1

CPE	Name	Operator	Version
freenas:freenas	freenas	le	0.69.2
freenas:freenas	freenas	eq	0.69.1

References

jvn.jp/en/jp/JVN15267895/index.html

jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000053.html

www.freenas.org/index.php?option=com_frontpage&Itemid=22

www.ipa.go.jp/security/vuln/documents/2009/200908_freenas.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.6%

JSON

Related for CVE-2009-2738

cvelist1 nvd1 jvn1 prion1