CVEs-PoC/2018/CVE-2018-12413.md
2024-06-18 02:51:15 +02:00

### [CVE-2018-12413](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12413)
![](https://img.shields.io/static/v1?label=Product&message=TIBCO%20Messaging%20-%20Apache%20Kafka%20Distribution%20-%20Schema%20Repository%20-%20Community%20Edition&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=TIBCO%20Messaging%20-%20Apache%20Kafka%20Distribution%20-%20Schema%20Repository%20-%20Enterprise%20Edition&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=The%20impact%20of%20this%20vulnerability%20includes%20the%20theoretical%20possibility%20that%20an%20attacker%20could%20gain%20full%20access%20to%20the%20configuration%20of%20message%20schemas%20used%20with%20an%20Apache%20Kafka%20deployment.%20With%20such%20access%2C%20the%20attacker%20could%20also%20configure%20Apache%20Kafka%20communications%20to%20fail.&color=brighgreen)
### Description
The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0.
### POC
#### Reference
- https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository
#### Github
No PoCs found on GitHub currently.