admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

CVE-2019-17633

Browse Source 
Signed-off-by: Wayne Beaton <wayne.beaton@eclipse-foundation.org>
This commit is contained in:
Wayne Beaton 2019-12-19 12:00:12 -05:00
parent 4fe1ca09a1
commit 86490ea9df
1 changed files with 68 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
2019/17xxx/CVE-2019-17633.json Normal file
View File

@ -0,0 +1,68 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2019-17633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The Eclipse Foundation",
"product": {
"product_data": [
{
"product_name": "Eclipse Che",
"version": {
"version_data": [
{
"version_value": "6.16.0 to 7.3.0 inclusive"
}
]
}
}
]
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was discovered by Michael Grube"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Che with no authentication and no TLS is not usually deployed on a public network but is often used for local installations (e.g. on personal laptops). In that case, even if the Che API is not exposed externally, some javascript running in the local browser is able to send requests to it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551596",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551596"
}
]
}
}