RHCOS 6 : openshift-console (RHSA-2012:1555)
The remote Red Hat Enterprise Linux CoreOS 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2012:1555 advisory.
- openshift-console: CSRF attack CVE-2012-5622
Note that Nessus has not tested for this issue but has instead relied only on the application'...
CVE-2012-5622
A CSRF vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) of OpenShift 0.0.5 allows an attacker to hijack user sessions. The issue is confirmed across multiple sources (RHSA-2012:1555, Veracode summary, CVE-2012-5622). Root cause: improper CSRF protect...