CVE-2019-14836

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-14836

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14836.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-14836

Published

2021-05-26T12:15:10.737Z

Modified

2026-04-10T04:14:55.758923Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1847605

Affected packages

Git / github.com/3scale/apicast

Affected ranges

Type

GIT

Repo

https://github.com/3scale/apicast

Events

Introduced

Last affected

620c1b269fafa29068e35b93c0c3e83de4ccf920

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4"
        }
    ]
}

Affected versions

2.*

2.4.0-DR1

3.*

3.0.0-beta1

3scale-2.*

3scale-2.0.0-CR1

3scale-2.0.0-ER4

3scale-2.0.0-ER4-2

3scale-2.0.0-ER5

3scale-2.1.0-CR1

3scale-2.1.0-ER1

3scale-2.1.0-ER2

3scale-2.2.0-DR2

3scale-2.2.0-ER1

3scale-2.2.0-ER2

3scale-2.3.0-ER1

3scale-2.4.0-DR1

RHAMP-2.*

RHAMP-2.0-ER2

RHAMP-2.0-ER3

v0.*

v0.1

v0.2

v3.*

v3.0.0

v3.0.0-alpha1

v3.0.0-alpha2

v3.0.0-beta1

v3.0.0-beta2

v3.0.0-beta3

v3.0.0-rc1

v3.1.0-alpha1

v3.1.0-beta1

v3.1.0-rc1

v3.2.0-beta1

v3.2.0-beta2

v3.2.0-beta3

v3.3.0-beta1

v3.3.0-beta2

v3.3.0-cr1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14836.json"