Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions prior to 2.5, allow remote malicious users to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zenoss zenoss 2.3.0 |
||
zenoss zenoss 2.4.0 |
||
zenoss zenoss 2.4.2 |
||
zenoss zenoss 2.3.3 |
||
zenoss zenoss |