PT-2019-6836 · Red Hat · Openshift Enterprise
Jeremy Choi · Published 2019-12-30 · Updated 2023-02-13
CVE-2013-0196

| CVSS v2.0 | Vector |
|---|---|
| 4.3 (Medium) | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
OpenShift Enterprise version 1.2
Description
A cross-site request forgery (CSRF) issue was found in the web console, which uses HTTP Basic authentication, while the REST API has no CSRF protection mechanism. Because the browser attaches the cached Authorization: header to requests it makes to the REST API, an attacker can obtain the user's credentials and the Authorization: header when the REST API is requested via a web browser.
Recommendations
For OpenShift Enterprise version 1.2, consider implementing a CSRF attack protection mechanism for the REST API to prevent unauthorized access. As a temporary workaround, restrict access to the REST API to minimize the risk of exploitation.
CSRF
Affected Products
Openshift Enterprise