CVE-2020-14319

Source
https://cve.org/CVERecord?id=CVE-2020-14319
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14319.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-14319
Published
2020-08-03T17:15:11.730Z
Modified
2026-04-10T04:25:27.270675Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
Summary
[none]
Details

It was found that the AMQ Online console is vulnerable to Cross-Site Request Forgery (CSRF), which is exploitable in cases where preflight checks are not triggered or are bypassed. For example, authorised users using an older browser with Adobe Flash are vulnerable when targeted by an attacker. This flaw affects all versions of AMQ Online prior to 1.5.2 and EnMasse versions from 0.31.0-rc1 up to but not including 0.32.2.

References

Affected packages

Git / github.com/enmasseproject/enmasse

Affected ranges

Type
GIT
Repo
https://github.com/enmasseproject/enmasse
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.32.2"
        }
    ]
}

Affected versions

0.*
0.10.0
0.11.0
0.11.1
0.11.2
0.12.0
0.12.3
0.13.0
0.13.0-rc1
0.13.0-rc2
0.13.0-rc3
0.13.0-rc4
0.13.2
0.14.0
0.14.0-rc1
0.14.0-rc2
0.32.0-rc1
0.32.2-rc1
0.32.2-rc2
0.32.2-rc3
0.4
0.5
0.7
0.8.0
0.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14319.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.5.2"
            }
        ]
    }
]