CSRF in Red Hat CloudForms

CVE-2013-6443

CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.001 (26.4th percentile)

References

  • 1029606 (vdb-entry, x_refsource_SECTRACK)
  • RHSA-2014:0025 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)