PT-2011-1305 · Red Hat · Spacewalk+1

Christian Johansson

Published

2011-07-27

Updated

2017-08-17

CVE-2009-4139

CVSS v3.1

6.8

Medium

Vector

AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Spacewalk versions 1.2.39 Red Hat Network Satellite versions 5.3.0 through 5.4.1

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users for requests that disable the current user account, add user accounts, or modify user accounts to have administrator privileges.

Recommendations For Spacewalk version 1.2.39, update to a version that fixes the CSRF vulnerability. For Red Hat Network Satellite versions 5.3.0 through 5.4.1, update to a version that fixes the CSRF vulnerability.

Fix

Origin Validation Error

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-346CWE-352

Related Identifiers

CVE-2009-4139

RHSA-2011:0879

Affected Products

Red Hat Network Satellite

Spacewalk

PT-2011-1305 · Red Hat · Spacewalk+1

CVE-2009-4139

Weakness Enumeration

Related Identifiers

Affected Products

References · 6