A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HRed Hat 3scale
APPRedhat2.4
Related vulnerabilities
It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses s...
A use-after-free flaw was found in the Linux kernelβs Bluetooth subsystem in the way user calls connect to the...
It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could us...
A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. When the auth_...
A flaw was found in Red Hat 3scaleβs API docs URL, where it is accessible without credentials. This flaw allow...