CVE-2019-14836

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-14836
A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1847605 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:3scale:2.4:*:*:*:*:*:*:*
History

12 Feb 2023, 23:35

Type Values Removed Values Added
References
  • {'url': 'https://access.redhat.com/security/cve/CVE-2019-14836', 'name': 'https://access.redhat.com/security/cve/CVE-2019-14836', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2021:1129', 'name': 'https://access.redhat.com/errata/RHSA-2021:1129', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1750928', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1750928', 'tags': [], 'refsource': 'MISC'}
Summary It was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks. A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks.

02 Feb 2023, 16:19

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/security/cve/CVE-2019-14836 -
  • (MISC) https://access.redhat.com/errata/RHSA-2021:1129 -
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1750928 -
Summary A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks. It was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks.

02 Jun 2021, 21:01

Type Values Removed Values Added
CPE cpe:2.3:a:redhat:3scale:2.4:*:*:*:*:*:*:*
CWE CWE-352
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1847605 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1847605 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : 6.8
v3 : 8.8

02 Jun 2021, 11:15

Type Values Removed Values Added
CWE CWE-352
References
  • {'url': 'https://access.redhat.com/security/cve/CVE-2019-14836,', 'name': 'https://access.redhat.com/security/cve/CVE-2019-14836,', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1750928', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1750928', 'tags': [], 'refsource': 'MISC'}
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1847605 -
Summary 3scale dev portal login form does not verify CSRF token, and so does not protect against login CSRF. A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks.

26 May 2021, 12:44

Type Values Removed Values Added
CWE CWE-352

26 May 2021, 12:15

Type Values Removed Values Added
New CVE
Information

Published : 2021-05-26 12:15

Updated : 2023-12-10 13:55

NVD link : CVE-2019-14836

Mitre link : CVE-2019-14836

CVE.ORG link : CVE-2019-14836

JSON object : View

Products Affected

redhat

  • 3scale
CWE
CWE-352

Cross-Site Request Forgery (CSRF)