Description
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability.
References
- Mailing List, Third Party Advisory
- Third Party Advisory, VDB Entry
- Mailing List, Third Party Advisory
- Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1: versions up to and including 1.2.1
cpe:2.3:a:spring_batch_admin_project:spring_batch_admin:*:*:*:*:*:*:*:*
EPSS
Score: 0.00162 (Low)
Percentile: 38%
CVSS3: 8.8 High
CVSS2: 6.8 Medium
Weaknesses
CWE-352
Related vulnerabilities
CVSS3: 8.8
github
more than 3 years ago
Spring Batch Admin vulnerable to Cross-site request forgery (CSRF) in the file upload functionality