CVE-2011-0650
Greenbone Security Assistant < 2.0 - Cross-Site Request Forgery via OMP Email Request
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in Greenbone Security Assistant (GSA) before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirements for exploiting CVE-2011-0018.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/515971/100/0/threaded
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43092
Third Party Advisory x_refsource_confirm
http://www.openvas.org/OVSA20110118.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65012
Mailing List mailing-list
x_refsource_mlist
https://lists.wald.intevation.org/pipermail/openvas-commits/2011-February/010206.html
Mailing List mailing-list
x_refsource_mlist
https://lists.wald.intevation.org/pipermail/openvas-commits/2011-February/010242.html
Scores
EPSS
0.0106
EPSS Percentile
60.5%
Details
CWE
CWE-352
Status
published
Products (1)
greenbone/greenbone_security_assistant
< 2.0
Published
Jan 28, 2011
Tracked Since
Feb 18, 2026