CVE-2013-7107 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2013-7107 Interim 1 9 2022-12-02T02:55:52Z current 2021-05-30T13:16:47Z 2022-12-02T02:55:52Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2013-7107 Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspecified vectors, as demonstrated by bypassing authentication requirements for CVE-2013-7106. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-updates/2014-02/msg00061.html E-Mail link for openSUSE-SU-2014:0269-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Manager Client Tools for SLE 12 openSUSE Tumbleweed icinga icinga-1.13.3-2.4 icinga-devel-1.13.3-2.4 icinga-doc-1.13.3-2.4 icinga-idoutils-1.13.3-2.4 icinga-idoutils-mysql-1.13.3-2.4 icinga-idoutils-oracle-1.13.3-2.4 icinga-idoutils-pgsql-1.13.3-2.4 icinga-plugins-downtimes-1.13.3-2.4 icinga-plugins-eventhandlers-1.13.3-2.4 icinga-www-1.13.3-2.4 icinga-www-config-1.13.3-2.4 monitoring-tools-1.13.3-2.4 icinga-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-devel-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-doc-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-idoutils-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-idoutils-mysql-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-idoutils-oracle-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-idoutils-pgsql-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-plugins-downtimes-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-plugins-eventhandlers-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-www-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-www-config-1.13.3-2.4 as a component of openSUSE Tumbleweed monitoring-tools-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga as a component of SUSE Manager Client Tools for SLE 12 Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspecified vectors, as demonstrated by bypassing authentication requirements for CVE-2013-7106. CVE-2013-7107 openSUSE Tumbleweed:icinga-1.13.3-2.4 openSUSE Tumbleweed:icinga-devel-1.13.3-2.4 openSUSE Tumbleweed:icinga-doc-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-mysql-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-oracle-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-pgsql-1.13.3-2.4 openSUSE Tumbleweed:icinga-plugins-downtimes-1.13.3-2.4 openSUSE Tumbleweed:icinga-plugins-eventhandlers-1.13.3-2.4 openSUSE Tumbleweed:icinga-www-1.13.3-2.4 openSUSE Tumbleweed:icinga-www-config-1.13.3-2.4 openSUSE Tumbleweed:monitoring-tools-1.13.3-2.4 SUSE Manager Client Tools for SLE 12:icinga moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P