Lucene search

PRIOn knowledge basePRION:CVE-2011-0650

HistoryJan 28, 2011 - 4:00 p.m.

Cross site request forgery (csrf)

2011-01-2816:00:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.1%

JSON

Cross-site request forgery (CSRF) vulnerability in Greenbone Security Assistant (GSA) before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirements for exploiting CVE-2011-0018.

CPENameOperatorVersion
greenbone_security_assistantle2.0

CPE	Name	Operator	Version
	greenbone_security_assistant	le	2.0

References

secunia.com/advisories/43092

www.openvas.org/OVSA20110118.html

www.securityfocus.com/archive/1/515971/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/65012

lists.wald.intevation.org/pipermail/openvas-commits/2011-February/010206.html

lists.wald.intevation.org/pipermail/openvas-commits/2011-February/010242.html

7.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.1%

JSON

Related for PRION:CVE-2011-0650