{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-17T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-01-07T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2013:1851", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"}, {"name": "RHSA-2013:1852", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998561"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:45:13.206Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2013:1851", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"}, {"name": "RHSA-2013:1852", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998561"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4405", "datePublished": "2013-12-23T22:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:13.206Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "DBE39763-E666-4001-BDD3-0B11D4531366", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades cross-site request forgery (CSRF) en la interfaz web de cumin en Red Hat Enterprise MRG Grid 2.4 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios cumin en peticiones no especificadas."}], "id": "CVE-2013-4405", "lastModified": "2024-11-21T01:55:30.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-12-23T22:55:02.787", "references": [{"source": "secalert@redhat.com", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998561"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998561"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Tom\u00e1\u0161 Nov\u00e1\u010dik (Red Hat MRG Quality Engineering team).", "affected_release": [{"advisory": "RHSA-2013:1851", "cpe": "cpe:/a:redhat:enterprise_mrg:2::el5", "package": "cumin-0:0.1.5787-4.el5", "product_name": "MRG for RHEL-5 v. 2", "release_date": "2013-12-17T00:00:00Z"}, {"advisory": "RHSA-2013:1852", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "cumin-0:0.1.5787-4.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2013-12-17T00:00:00Z"}, {"advisory": "RHSA-2013:1852", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygems-0:1.8.23.2-1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2013-12-17T00:00:00Z"}], "bugzilla": {"description": "cumin: CSRF protection does not work", "id": "998561", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=998561"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "cwe": "CWE-352", "details": ["Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests."], "name": "CVE-2013-4405", "public_date": "2013-12-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-4405\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4405"], "threat_severity": "Moderate"}