exploitDog

CVE-2017-1000008

Опубликовано: 17 июл. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password.

Ссылки

https://github.com/xenocrat/chyrp-lite/commit/79bb2de7f57d163d256b6bdb127dc09cfdb6235a
Third Party Advisory
https://github.com/xenocrat/chyrp-lite/commit/79bb2de7f57d163d256b6bdb127dc09cfdb6235a
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:chyrp-lite_project:chyrp_lite:2016.04:*:*:*:*:*:*:*

EPSS

Процентиль: 22%

0.00071

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-f2jh-c997-v9jr

CVSS3: 8.8

github

больше 3 лет назад

Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password.

EPSS

Процентиль: 22%

0.00071

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352