Red Hat · Spacewalk · CVE-2009-4139
**Name of the Vulnerable Software and Affected Versions**
Spacewalk versions 1.2.39
Red Hat Network Satellite versions 5.3.0 through 5.4.1
**Description**
A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users for requests that disable the current user account, add user accounts, or modify user accounts to have administrator privileges.
**Recommendations**
For Spacewalk version 1.2.39, update to a version that fixes the CSRF vulnerability.
For Red Hat Network Satellite versions 5.3.0 through 5.4.1, update to a version that fixes the CSRF vulnerability.