GHSA-72wf-hwcq-65h9

Опубликовано: 05 фев. 2022

Источник: github

Github: Прошло ревью

CVSS3: 8.8

Описание

Cross-Site Request Forgery in Filebrowser

A Cross-Site Request Forgery (CSRF) vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim.

Ссылки

Пакеты

Наименование

github.com/filebrowser/filebrowser/v2

Затронутые версииВерсия исправления

< 2.18.0

2.18.0

EPSS

Процентиль: 93%

0.09247

Низкий

8.8 High

CVSS3

CVE ID

CVE-2021-46398

Дефекты

CWE-352

Связанные уязвимости

CVE-2021-46398

CVSS3: 8.8

nvd

около 4 лет назад

A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE.

EPSS

Процентиль: 93%

0.09247

Низкий

8.8 High

CVSS3

CVE ID

CVE-2021-46398

Дефекты

CWE-352