CVE-2016-6521

{"id": "CVE-2016-6521", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-01-23T21:59:02.080", "references": [{"url": "http://www.openwall.com/lists/oss-security/2016/08/02/11", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2016/08/02/2", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2016/08/03/9", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/92267", "source": "cve@mitre.org"}, {"url": "https://github.com/sheehan/grails-console/issues/54", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/sheehan/grails-console/issues/55", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en la consola de Grails (tambi\u00e9n conocida como Grails Debug Console y Grails Web Console) 2.0.7, 1.5.10 y versiones anteriores permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios para solicitudes que ejecuten c\u00f3digo Groovy arbitrario a trav\u00e9s de vectores no especificados."}], "lastModified": "2017-01-26T02:59:02.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gopivotal:grails:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "680CBD14-8425-48AE-8889-098CB766307A", "versionEndIncluding": "1.5.9"}, {"criteria": "cpe:2.3:a:gopivotal:grails:2.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28BEE9DC-DC76-4200-AAE1-D37B939BE805"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}