GHSA-6xw3-cpqj-8mxr

Опубликовано: 01 дек. 2022

Источник: github

Github: Прошло ревью

CVSS3: 8.8

Описание

ThinkCMF Cross Site Request Forgery (CSRF) vulnerability

ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2022-40489
https://github.com/thinkcmf/thinkcmf/issues/736
https://github.com/thinkcmf/thinkcmf/commit/321faa20865e74540e5f0a63e4c3f4ea75093d59
https://github.com/thinkcmf/thinkcmf/commit/b61636134aa57d4693967f35772200c779099740

Пакеты

Наименование

thinkcmf/thinkcmf

composer

Затронутые версииВерсия исправления

< 6.0.8

6.0.8

EPSS

Процентиль: 16%

0.0005

Низкий

8.8 High

CVSS3

CVE ID

CVE-2022-40489

Дефекты

CWE-352

Связанные уязвимости

CVE-2022-40489

CVSS3: 8.8

nvd

около 3 лет назад

ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users.

EPSS

Процентиль: 16%

0.0005

Низкий

8.8 High

CVSS3

CVE ID

CVE-2022-40489

Дефекты

CWE-352