CVE-2011-0650

Greenbone Security Assistant < 2.0 - Cross-Site Request Forgery via OMP Email Request

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in Greenbone Security Assistant (GSA) before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirements for exploiting CVE-2011-0018.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/515971/100/0/threaded
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43092
Third Party Advisory x_refsource_confirm
http://www.openvas.org/OVSA20110118.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65012

Scores

EPSS 0.0106
EPSS Percentile 60.5%

Details

CWE
CWE-352
Status published
Products (1)
greenbone/greenbone_security_assistant < 2.0
Published Jan 28, 2011
Tracked Since Feb 18, 2026