vulnerability

Red Hat OpenShift: CVE-2013-0196: OpenShift Enterprise and Online vulnerable to CSRF attack with REST API

Name: Red Hat OpenShift: CVE-2013-0196: OpenShift Enterprise and Online vulnerable to CSRF attack with REST API
Creator: Red Hat
Published: 2019-10-08T00:00:00.000Z
Keywords: CVE, CWE-352, Red Hat OpenShift, 2013, 0196, OpenShift Enterprise and Online vulnerable to CSRF attack with REST API, linuxrpm-upgrade-rubygem-openshift-origin-controller, Severity 4

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Oct 8, 2019

Added

Oct 8, 2019

Modified

Mar 30, 2026

Description

A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.

Solution

linuxrpm-upgrade-rubygem-openshift-origin-controller

References

CVE-2013-0196
https://attackerkb.com/topics/CVE-2013-0196
CWE-352
EUVD-EUVD-2013-0232
https://euvd.enisa.europa.eu/vulnerability/EUVD-2013-0232

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report