CVE-2012-6134 Common Vulnerabilities and Exposures

Upstream information

CVE-2012-6134 at MITRE

Description

Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	Partial
Availability Impact	Partial

No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:

SUSE-SU-2013:1036-1, published Mon Jun 17 15:04:10 MDT 2013

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Studio Onsite 1.3	`susestudio >= 1.3.1.0-0.5.2` `susestudio-bundled-packages >= 1.3.1.0-0.5.2` `susestudio-common >= 1.3.1.0-0.5.2` `susestudio-runner >= 1.3.1.0-0.5.2` `susestudio-sid >= 1.3.1.0-0.5.2` `susestudio-ui-server >= 1.3.1.0-0.5.2`	Patchnames: slestso13-susestudio

SUSE Timeline for this CVE

CVE page created: Fri Jun 28 09:02:56 2013
CVE page last modified: Fri Oct 7 12:46:21 2022