CVE-2019-14836

Source
https://cve.org/CVERecord?id=CVE-2019-14836
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14836.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-14836
Published
2021-05-26T12:15:10.737Z
Modified
2026-07-08T19:02:08.170775Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks.

References

Affected packages

Git / github.com/3scale/apicast

Affected ranges

Type
GIT
Repo
https://github.com/3scale/apicast
Events
Database specific
{
    "cpe": "cpe:2.3:a:redhat:3scale:2.4:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.4"
        },
        {
            "last_affected": "2.4"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

2.*
2.4
2.4.0-DR1
3scale-2.*
3scale-2.4.0-DR1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14836.json"