Cross-Site Request Forgery (CSRF)

2020-05-1501:23:38

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

30.9%

JSON

cfme is vulnerable to cross-site request forgery (CSRF). The Referrer header is not properly validated, allowing for CSRF attacks.

CPENameOperatorVersion
cfmeeq5.2.3.2__1.el6cf
cfmeeq5.2.2.3__1.el6cf
cfmeeq5.2.1.8__1.el6cf
ruby193-rubygem-actionpackeq3.2.8__5.3.el6
ruby193-rubygem-actionpackeq3.2.8__1.el6
ruby193-rubygem-actionpackeq3.2.8__2.el6
ruby193-rubygem-actionpackeq3.2.8__5.1.el6
ruby193-rubygem-actionpackeq3.2.13__6.el6cf
ruby193-rubygem-actionpackeq3.2.13__4.el6cf
ruby193-rubygem-actionpackeq3.2.13__5.el6cf

Name	Operator	Version
cfme	eq	5.2.3.2__1.el6cf
cfme	eq	5.2.2.3__1.el6cf
cfme	eq	5.2.1.8__1.el6cf
ruby193-rubygem-actionpack	eq	3.2.8__5.3.el6
ruby193-rubygem-actionpack	eq	3.2.8__1.el6
ruby193-rubygem-actionpack	eq	3.2.8__2.el6
ruby193-rubygem-actionpack	eq	3.2.8__5.1.el6
ruby193-rubygem-actionpack	eq	3.2.13__6.el6cf
ruby193-rubygem-actionpack	eq	3.2.13__4.el6cf
ruby193-rubygem-actionpack	eq	3.2.13__5.el6cf