CVE-2013-7107

Icinga < 1.10.2 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspecified vectors, as demonstrated by bypassing authentication requirements for CVE-2013-7106.

References (5)

Core 5
Core References
Vendor Advisory x_refsource_confirm
https://dev.icinga.org/issues/5346
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-02/msg00061.html
Vendor Advisory x_refsource_misc
https://dev.icinga.org/issues/5250
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/12/16/4

Scores

EPSS 0.0101
EPSS Percentile 58.9%

Details

CWE
CWE-352
Status published
Products (37)
icinga/icinga 0.8.0
icinga/icinga 0.8.1
icinga/icinga 0.8.2
icinga/icinga 0.8.3
icinga/icinga 0.8.4
icinga/icinga 1.0 (2 CPE variants)
icinga/icinga 1.0.1
icinga/icinga 1.0.2
icinga/icinga 1.0.3
icinga/icinga 1.2.0
... and 27 more
Published Jan 15, 2014
Tracked Since Feb 18, 2026