PT-2011-1305 · Red Hat · Spacewalk+1

Christian Johansson

Publicado

2011-07-27

Atualizado

2017-08-17

CVE-2009-4139

CVSS v3.1

6.8

Média

Vetor

AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Spacewalk versions 1.2.39 Red Hat Network Satellite versions 5.3.0 through 5.4.1

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users for requests that disable the current user account, add user accounts, or modify user accounts to have administrator privileges.

Recommendations For Spacewalk version 1.2.39, update to a version that fixes the CSRF vulnerability. For Red Hat Network Satellite versions 5.3.0 through 5.4.1, update to a version that fixes the CSRF vulnerability.

Correção

Origin Validation Error

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-346CWE-352

Identificadores relacionados

CVE-2009-4139

RHSA-2011:0879

Produtos afetados

Red Hat Network Satellite

Spacewalk

PT-2011-1305 · Red Hat · Spacewalk+1

CVE-2009-4139

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6