Bug 883227 (CVE-2012-5622) - CVE-2012-5622 openshift-console: CSRF attack
Summary: CVE-2012-5622 openshift-console: CSRF attack
Alias: CVE-2012-5622
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 878754
Blocks: 883523
Reported: 2012-12-04 04:58 UTC by Kurt Seifried
Modified: 2021-02-17 08:17 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2012-12-16 04:50:52 UTC


External Trackers:
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2012:1555 | 0 | normal | SHIPPED_LIVE | Important: openshift-console security update | 2012-12-11 02:00:46 UTC

Description Kurt Seifried 2012-12-04 04:58:57 UTC
Jeremy Choi of Red Hat reports:

There is no CSRF attack protection mechanism on the web console. While users are authenticated, malicious links or scripts provided by attackers can cause unwanted actions which the user does not want to do.
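
The missing protection described above is the synchronizer-token pattern: the server binds a random token to the login session and refuses any state-changing request that does not present it, since a page on another origin can make the browser send the session cookie but cannot read the token. The following is an added example and not openshift-console's code; the `session` and `request` Hashes, the `authenticity_token` form field and `X-CSRF-Token` header names, and the "delete application" action are assumptions made for illustration.

```ruby
require 'securerandom'

# Synchronizer-token CSRF guard for a session-backed web console.
# Added example; not openshift-console's code. The "session" is a plain Hash
# standing in for the server-side session the login cookie points at, and the
# "request" is a Hash built from the method, form params and headers.
module CsrfGuard
  TOKEN_BYTES  = 32
  SAFE_METHODS = %w[GET HEAD OPTIONS].freeze
  PARAM_NAME   = 'authenticity_token'   # assumed form field name
  HEADER_NAME  = 'X-CSRF-Token'         # assumed header name for XHR calls

  # Issue a per-session token once and reuse it; the server embeds it in every
  # form as a hidden field. A page on another origin cannot read it.
  def self.token_for(session)
    session[:csrf_token] ||= SecureRandom.hex(TOKEN_BYTES)
  end

  # Constant-time comparison so a mismatch does not leak where the bytes differ.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  def self.valid_token?(session, submitted)
    expected = session[:csrf_token]
    return false if expected.nil? || submitted.nil?
    secure_compare(expected, submitted.to_s)
  end

  # Safe (read-only) methods pass; every state-changing request must carry a
  # token, in the form body or in a header set by the console's own JavaScript.
  def self.allow?(session, method, params = {}, headers = {})
    return true if SAFE_METHODS.include?(method.to_s.upcase)
    valid_token?(session, params[PARAM_NAME] || headers[HEADER_NAME])
  end
end

# A simulated console action, "delete application", in its unprotected form
# (the bug) and with the guard in front of it (the fix).
def delete_app_unprotected(_session, request, apps)
  apps.delete(request[:params]['app'])   # runs for any POST the browser attaches the cookie to
  :deleted
end

def delete_app_protected(session, request, apps)
  return :rejected unless CsrfGuard.allow?(session, request[:method], request[:params], request[:headers])
  apps.delete(request[:params]['app'])
  :deleted
end

# Constructed scenario: a logged-in user's browser submits a form from a
# third-party page. The cookie travels with it, the token does not.
def demo
  session = { user: 'alice' }                      # constructed session
  apps    = ['prod-app']                           # constructed application list
  forged  = { method: 'POST', params: { 'app' => 'prod-app' }, headers: {} }
  legit   = { method: 'POST',
              params: { 'app' => 'prod-app', CsrfGuard::PARAM_NAME => CsrfGuard.token_for(session) },
              headers: {} }
  {
    forged_unprotected: delete_app_unprotected(session, forged, apps.dup),
    forged_protected:   delete_app_protected(session, forged, apps.dup),
    legitimate:         delete_app_protected(session, legit, apps.dup)
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Running `demo` shows the unprotected handler deleting the application on the forged request, while the guarded handler rejects it and still accepts the same request when the console's own form supplies the token. In a Rails application such as the console, the equivalent is enabling `protect_from_forgery` and emitting the token in every form; the guard here is written out in plain Ruby so the check itself is visible.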

Comment 1 errata-xmlrpc 2012-12-10 21:03:52 UTC
This issue has been addressed in the following products:

  RHEL 6 Version of OpenShift Enterprise

Via RHSA-2012:1555 https://rhn.redhat.com/errata/RHSA-2012-1555.html

Comment 2 Murray McAllister 2012-12-19 00:56:07 UTC

This issue was discovered by Red Hat.
