GHSA-p4xx-w6fr-c4w9

Опубликовано: 02 фев. 2023

Источник: github

Github: Прошло ревью

CVSS3: 6.5

Описание

Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2

Clockwork Web before 0.1.2, when used with Rails before 5.2 is used, allows Cross-Site Request Forgery (CSRF). A CSRF attack works by getting an authorized user to visit a malicious website and then performing requests on behalf of the user. In this instance, actions include enabling and disabling jobs. All users running an affected release on Rails < 5.2 should upgrade immediately.

Ссылки

Пакеты

Наименование

clockwork_web

rubygems

Затронутые версииВерсия исправления

< 0.1.2

0.1.2

EPSS

Процентиль: 54%

0.00313

Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2023-25015

Дефекты

CWE-352

CWE-652

Связанные уязвимости

CVE-2023-25015

CVSS3: 6.5

nvd

около 3 лет назад

Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF.

EPSS

Процентиль: 54%

0.00313

Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2023-25015

Дефекты

CWE-352

CWE-652