CVE-2011-0650

CVE Database · CVE-2011-0650

CVE-2011-0650

· N/AModified

CVSS v3.1

N/A

EPSS

1.06%

Published

Jan 28, 2011

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site request forgery (CSRF) vulnerability in Greenbone Security Assistant (GSA) before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirements for exploiting CVE-2011-0018.

Weaknesses (CWE)

CWE-352

Affected Products (1)

greenbone · greenbone_security_assistantvulnerable

References (12)

http://secunia.com/advisories/43092

Not Applicable

http://www.openvas.org/OVSA20110118.html

Third Party Advisory

http://www.securityfocus.com/archive/1/515971/100/0/threaded

https://exchange.xforce.ibmcloud.com/vulnerabilities/65012

https://lists.wald.intevation.org/pipermail/openvas-commits/2011-February/010206.html