2 matches found
CVE-2014-0594
The CVE-2014-0594 entry corresponds to the Open Build Service (OBS) before version 2.4.6, where CSRF protection was incorrectly disabled in the web interface. This allows an attacker to issue requests without user consent, with impact across confidentiality, integrity, and availability as reflect...
CVE-2014-0594 CSRF protection incorrectly disabled
In the Open Build Service OBS before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent...