The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: certcc
Published: 2015-12-31T02:00:00
Updated: 2024-08-06T05:32:20.629Z
Reserved: 2015-04-03T00:00:00
Link: CVE-2015-2912
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2015-12-31T05:59:08.593
Modified: 2015-12-31T20:32:36.447
Link: CVE-2015-2912
Redhat
No data.