CVE-2013-0196

MEDIUM

OpenShift Enterprise 1.2 - Cross-Site Request Forgery in Web Console

Title source: llm
STIX 2.1

Description

A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.

References (2)

Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196
Third Party Advisory x_refsource_misc
https://access.redhat.com/security/cve/cve-2013-0196

Scores

CVSS v3 6.5
EPSS 0.0043
EPSS Percentile 35.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-352
Status published
Products (1)
redhat/openshift 1.2
Published Dec 30, 2019
Tracked Since Feb 18, 2026