{
  "threat_severity" : "Moderate",
  "public_date" : "2013-12-17T00:00:00Z",
  "bugzilla" : {
    "description" : "cumin: CSRF protection does not work",
    "id" : "998561",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=998561"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-352",
  "details" : [ "Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests." ],
  "acknowledgement" : "This issue was discovered by Tomáš Nováčik (Red Hat MRG Quality Engineering team).",
  "affected_release" : [ {
    "product_name" : "MRG for RHEL-5 v. 2",
    "release_date" : "2013-12-17T00:00:00Z",
    "advisory" : "RHSA-2013:1851",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2::el5",
    "package" : "cumin-0:0.1.5787-4.el5"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2013-12-17T00:00:00Z",
    "advisory" : "RHSA-2013:1852",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "cumin-0:0.1.5787-4.el6"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2013-12-17T00:00:00Z",
    "advisory" : "RHSA-2013:1852",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "rubygems-0:1.8.23.2-1.el6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-4405\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4405" ],
  "name" : "CVE-2013-4405",
  "csaw" : false
}