Cross site request forgery (csrf)

2014-05-0814:29:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

53.9%

JSON

The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.

CPENameOperatorVersion
fedoraeq20
fedoraeq19
zabbixeq2.0.9 rc1
zabbixeq2.0.1 rc2
zabbixeq2.0.0
zabbixeq2.2.0
zabbixeq2.0.4 rc1
zabbixeq2.0.5
zabbixeq2.0.0 rc1
zabbixeq2.0.6 rc1