Back to bug 1299614
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Martin Prpič | 2016-01-18 18:45:23 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-01-18 18:45:23 UTC | Doc Type | --- | Bug Fix |
| Martin Prpič | 2016-01-18 18:57:42 UTC | Blocks | 1299618 | |
| Martin Prpič | 2016-01-18 19:02:17 UTC | CC | omular | |
| Martin Prpič | 2016-01-18 19:05:35 UTC | Summary | EMBARGOED CVE-2016-0720 pcsd: Cross-Site Request Forgery in web UI | EMBARGOED CVE-2016-0720 pcs: Cross-Site Request Forgery in web UI |
| Ján Rusnačko | 2016-01-19 07:23:58 UTC | CC | jrusnack | |
| Martin Prpič | 2016-01-19 09:32:46 UTC | Whiteboard | impact=moderate,public=no,reported=20160105,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-352,rhel-6/pcs=affected,rhel-7/pcs=affected,fedora-all/pcs=affected | impact=moderate,public=no,reported=20160105,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-352,rhel-6/pcs=wontfix,rhel-7/pcs=affected,fedora-all/pcs=affected |
| Martin Prpič | 2016-02-16 08:52:20 UTC | Whiteboard | impact=moderate,public=no,reported=20160105,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-352,rhel-6/pcs=wontfix,rhel-7/pcs=affected,fedora-all/pcs=affected | impact=moderate,public=20160216,reported=20160105,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-352,rhel-6/pcs=wontfix,rhel-7/pcs=affected,fedora-all/pcs=affected |
| Martin Prpič | 2016-02-16 08:53:13 UTC | Summary | EMBARGOED CVE-2016-0720 pcs: Cross-Site Request Forgery in web UI | CVE-2016-0720 pcs: Cross-Site Request Forgery in web UI |
| Martin Prpič | 2016-02-16 08:53:17 UTC | Group | security, qe_staff | |
| Martin Prpič | 2016-02-16 08:53:45 UTC | Depends On | 1308827 | |
| Martin Prpič | 2016-04-27 08:42:49 UTC | Depends On | 1330884 | |
| Martin Prpič | 2016-05-05 08:29:33 UTC | Whiteboard | impact=moderate,public=20160216,reported=20160105,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-352,rhel-6/pcs=wontfix,rhel-7/pcs=affected,fedora-all/pcs=affected | impact=moderate,public=20160216,reported=20160105,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-352,rhel-6/pcs=wontfix,rhel-7/pcs=defer,fedora-all/pcs=affected |
| Huzaifa S. Sidhpurwala | 2016-08-23 06:39:26 UTC | Blocks | 1323912 | |
| Martin Prpič | 2016-10-03 07:43:29 UTC | Doc Text | A Cross-Site Request Forgery (CSRF) flaw was found in the pcsd web UI. A remote attacker could provide a specially crafted web page that, when visited by a user with a valid pcsd session, would allow the attacker to trigger requests on behalf of the user, for example removing resources or restarting/removing nodes. | |
| Tomas Hoger | 2016-10-26 21:29:22 UTC | Whiteboard | impact=moderate,public=20160216,reported=20160105,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-352,rhel-6/pcs=wontfix,rhel-7/pcs=defer,fedora-all/pcs=affected | impact=moderate,public=20160216,reported=20160105,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-352,rhel-6/pcs=wontfix,rhel-7/pcs=affected,fedora-all/pcs=affected |
| Huzaifa S. Sidhpurwala | 2016-11-06 04:27:28 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-11-06 00:27:28 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:42:36 UTC | Whiteboard | impact=moderate,public=20160216,reported=20160105,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-352,rhel-6/pcs=wontfix,rhel-7/pcs=affected,fedora-all/pcs=affected |
Back to bug 1299614