{
  "threat_severity" : "Moderate",
  "public_date" : "2013-01-30T00:00:00Z",
  "bugzilla" : {
    "description" : "samba: cross-site request forgery vulnerability in SWAT",
    "id" : "905704",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=905704"
  },
  "cvss" : {
    "cvss_base_score" : "2.9",
    "cvss_scoring_vector" : "AV:A/AC:M/Au:N/C:N/I:P/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-352",
  "details" : [ "Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions." ],
  "acknowledgement" : "Red Hat would like to thank Samba project for reporting this issue. Upstream acknowledges Jann Horn as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2013-09-30T00:00:00Z",
    "advisory" : "RHSA-2013:1310",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "samba3x-0:3.6.6-0.136.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2014-03-17T00:00:00Z",
    "advisory" : "RHSA-2014:0305",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "samba-0:3.0.33-3.40.el5_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2013-11-20T00:00:00Z",
    "advisory" : "RHSA-2013:1542",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "samba-0:3.6.9-164.el6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-0214\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-0214" ],
  "name" : "CVE-2013-0214",
  "csaw" : false
}