Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2013-4562
Last Modified 14 May 2014 01:19:26
Published 13 May 2014 11:55:04
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-4562

Summary

The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter.

Vulnerable Systems

Application

  • Madeofcode Omniauth-facebook 1.4.1


References

CONFIRM - https://github.com/mkdynamic/omniauth-facebook/commit/ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7

MLIST - [ruby-security-ann] 20131114 [CVE-2013-4562] RubyGem omniauth-facebook CSRF vulnerability

OSVDB - 99693

MLIST - [oss-security] 20131112 Re: Re: CVE request: rubygem omniauth-facebook CSRF vurnerability

MLIST - [oss-security] 20131112 CVE request: rubygem omniauth-facebook CSRF vurnerability

MISC - http://osvdb.org/ref/99/omniauth-facebook_gem.txt


Last Updated: 27 May 2016 11:05:13