vulnerability

Red Hat OpenShift: CVE-2013-0196: OpenShift Enterprise and Online vulnerable to CSRF attack with REST API

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Oct 8, 2019	Oct 8, 2019	Apr 14, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Oct 8, 2019

Added

Oct 8, 2019

Modified

Apr 14, 2025

Description

A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.

Solution

linuxrpm-upgrade-rubygem-openshift-origin-controller

References

CVE-2013-0196
https://attackerkb.com/topics/CVE-2013-0196

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today