CVE-2010-3030

{"id": "CVE-2010-3030", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-08-17T20:00:04.017", "references": [{"url": "http://secunia.com/advisories/40876", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Tomaz Muraus Open Blog v1.2.1, y posiblemente anteriores, permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores para peticiones que modifican la contrase\u00f1a de administraci\u00f3n. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles se han obtenido exclusivamente de informaci\u00f3n de terceros."}], "lastModified": "2010-08-18T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tomaz-muraus:open_blog:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4464F4A-E8E6-4F69-BFF7-9A604EEFD03C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}