Описание
CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.
Ссылки
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 13.0.0.32841 (включая)
cpe:2.3:a:filecloud:filecloud:*:*:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00104
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
CWE-352
Связанные уязвимости
CVSS3: 8.8
github
почти 4 года назад
CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.
EPSS
Процентиль: 29%
0.00104
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
CWE-352