{"containers": {"cna": {"affected": [{"product": "OpenShift Enterprise", "vendor": "OpenShift", "versions": [{"status": "affected", "version": "1.2"}]}], "descriptions": [{"lang": "en", "value": "A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser."}], "problemTypes": [{"descriptions": [{"description": "Cross-Site Request Forgery ", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-30T21:17:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/cve-2013-0196"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:18:09.499Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/cve-2013-0196"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0196", "datePublished": "2019-12-30T21:17:02", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:18:09.499Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:1.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DC920653-E8B1-4D46-B8C4-DC847DD1DDB0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser."}, {"lang": "es", "value": "Se encontr\u00f3 un problema de tipo CSRF en OpenShift Enterprise versi\u00f3n 1.2. La consola web est\u00e1 utilizando \"Basic authentication\" y la API REST no posee un mecanismo de protecci\u00f3n contra ataques de tipo CSRF. Esto puede permitir a un atacante obtener la credencial y el encabezado Autorization: cuando se solicita la API REST por medio del navegador web."}], "id": "CVE-2013-0196", "lastModified": "2024-11-21T01:47:02.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-30T22:15:11.213", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2013-0196"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2013-0196"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Jeremy Choi (Red Hat Hosted) and Shared Services team.", "affected_release": [{"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "activemq-0:5.6.0-5.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "libev-0:4.04-4.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "mcollective-0:2.2.1-4.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "mongodb-0:2.2.3-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "numpy-0:1.4.1-9.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-enterprise-upgrade-0:1.2.0-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-broker-0:1.5.2-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-broker-util-0:1.9.7-1.2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-console-0:1.5.19-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-msg-common-0:1.7.2-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "openshift-origin-util-scl-0:1.4.1-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-0:1-8.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-libyaml-0:0.1.4-4.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-ruby-0:1.9.3.429-34.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-actionmailer-1:3.2.8-1.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-actionpack-1:3.2.8-5.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-activemodel-0:3.2.8-2.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-activerecord-1:3.2.8-6.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-activeresource-1:3.2.8-1.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-activesupport-1:3.2.8-4.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-arel-0:3.0.2-3.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-bson-0:1.8.1-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-bson_ext-0:1.8.1-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-builder-0:3.0.0-2.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-bundler-0:1.1.4-3.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-chunky_png-0:1.2.6-3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-coffee-rails-0:3.2.2-2.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-coffee-script-0:2.2.0-2.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-coffee-script-source-0:1.3.3-3.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-compass-0:0.12.2-4.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-compass-rails-0:1.0.3-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-diff-lcs-0:1.1.3-1.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-dnsruby-0:1.53-3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-erubis-0:2.7.0-4.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-execjs-0:1.4.0-4.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-file-tail-0:1.0.5-5.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-formtastic-0:1.2.4-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-fssm-0:0.2.8.1-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-haml-0:3.1.7-3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-hike-0:1.2.1-3.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-i18n-0:0.6.0-3.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-journey-0:1.0.4-1.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-jquery-rails-0:2.0.2-2.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-mail-0:2.4.4-3.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-mime-types-0:1.19-1.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-minitest-0:3.5.0-3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-mongo-0:1.8.1-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-mongoid-0:3.0.21-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-moped-0:1.3.2-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-multi_json-0:1.3.6-1.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-net-http-persistent-0:2.7-2.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-open4-0:1.3.0-3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-origin-0:1.0.7-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-parseconfig-0:1.0.2-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-passenger-0:3.0.17-11.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-polyglot-0:0.3.3-2.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-rack-1:1.4.1-5.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-rack-cache-0:1.2-2.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-rack-protection-0:1.2.0-7.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-rack-ssl-0:1.3.2-7.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-rack-test-0:0.6.1-3.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-rails-1:3.2.8-2.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-railties-0:3.2.8-2.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-rdiscount-0:1.6.8-3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-ref-0:1.0.0-3.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-regin-0:0.3.7-4.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-rest-client-0:1.6.1-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-safe_yaml-0:0.9.1-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-sass-0:3.1.20-2.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-sass-rails-0:3.2.5-2.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-sexp_processor-0:3.2.0-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-sprockets-0:2.4.5-2.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-spruz-0:0.2.5-5.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-state_machine-0:1.1.2-7.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-stomp-0:1.1.8-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-systemu-0:2.5.2-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-therubyracer-0:0.11.0-0.5.beta5.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-thor-0:0.15.4-1.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-tilt-0:1.3.3-8.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-treetop-0:1.4.10-6.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-tzinfo-0:0.3.33-2.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-uglifier-0:1.2.6-2.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-rubygem-xml-simple-0:1.0.12-10.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "ruby193-v8-1:3.14.5.8-3.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-openshift-origin-auth-remote-user-0:1.8.1-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-openshift-origin-common-0:1.8.11-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-openshift-origin-console-0:1.9.14-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-openshift-origin-controller-0:1.9.14-1.2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-openshift-origin-dns-nsupdate-0:1.5.2-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygem-openshift-origin-msg-broker-mcollective-0:1.9.9-1.1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygems-0:1.8.16-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}, {"advisory": "RHEA-2013:1031", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "yum-utils-0:1.1.30-14.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-07-09T00:00:00Z"}], "bugzilla": {"description": "OpenShift Enterprise and Online vulnerable to CSRF attack with REST API", "id": "901364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=901364"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "cwe": "CWE-352", "details": ["A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser."], "name": "CVE-2013-0196", "public_date": "2014-09-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-0196\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-0196"], "threat_severity": "Moderate"}