Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zenoss | Zenoss | <= 2.4.5 |
Related Weaknesses (CWE)
References
- http://osvdb.org/61805
- http://secunia.com/advisories/38195Vendor Advisory
- http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-002-zenoss-multiple-a
- http://www.securityfocus.com/archive/1/508982/100/0/threaded
- http://www.securityfocus.com/bid/37843Exploit
- http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-CVendor Advisory
- http://osvdb.org/61805
- http://secunia.com/advisories/38195Vendor Advisory
- http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-002-zenoss-multiple-a
- http://www.securityfocus.com/archive/1/508982/100/0/threaded
- http://www.securityfocus.com/bid/37843Exploit
- http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-CVendor Advisory
FAQ
What is CVE-2010-0713?
CVE-2010-0713 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that...
How severe is CVE-2010-0713?
CVE-2010-0713 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0713?
Check the references section above for vendor advisories and patch information. Affected products include: Zenoss Zenoss.