Description
Casdoor Cross-Site Request Forgery vulnerability
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.
Packages
Name: github.com/casdoor/casdoor (go)
Affected versions: <= 1.331.0
Fixed version: None
Related vulnerabilities
CVSS3: 6.5
nvd
more than 2 years ago
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.