Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2010-02-26T17:03:00
Updated: 2018-10-10T18:57:01
Reserved: 2010-02-26T00:00:00
Link: CVE-2010-0713
JSON object: View
NVD Information
Status : Modified
Published: 2010-02-26T17:30:01.563
Modified: 2018-10-10T19:53:25.857
Link: CVE-2010-0713
JSON object: View
Redhat Information
No data.
CWE