Description
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.
References
- Vendor Advisory
- Third Party Advisory, US Government Resource
Vulnerable configurations
Configuration 1: versions up to 2.0.14 (inclusive)
One of:
cpe:2.3:a:orientdb:orientdb:*:*:*:*:community:*:*:*
cpe:2.3:a:orientdb:orientdb:2.1.0:*:*:*:community:*:*:*
EPSS
Percentile: 56%
Score: 0.00343
Low
CVSS3: 8.8 High
CVSS2: 6.8 Medium
Weaknesses
CWE-352
Related vulnerabilities
- github, more than 7 years ago, CVSS3: 8.8: OrientDB-Server vulnerable to Cross-Site Request Forgery