CVE-2013-0196
MEDIUMOpenShift Enterprise 1.2 - Cross-Site Request Forgery in Web Console
Title source: llmDescription
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.
References (2)
Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196
Third Party Advisory x_refsource_misc
https://access.redhat.com/security/cve/cve-2013-0196
Scores
CVSS v3
6.5
EPSS
0.0043
EPSS Percentile
35.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-352
Status
published
Products (1)
redhat/openshift
1.2
Published
Dec 30, 2019
Tracked Since
Feb 18, 2026