UBUNTU-CVE-2016-10206

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2016-10206

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-10206.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-10206

Related

CVE-2016-10206

Published

2017-03-03T15:59:00Z

Modified

2025-01-13T10:21:17Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.

References

Affected packages

Ubuntu:Pro:16.04:LTS / zoneminder

Package

Name: zoneminder
Purl: pkg:deb/ubuntu/zoneminder@1.29.0+dfsg-1ubuntu2+esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.28.1-8

1.29.0+dfsg-1

1.29.0+dfsg-1ubuntu1

1.29.0+dfsg-1ubuntu2

1.29.0+dfsg-1ubuntu2+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}