exploitDog

CVE-2019-13183

Опубликовано: 07 июл. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings.

Ссылки

https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released
Release Notes
Vendor Advisory
https://github.com/flarum/core/blob/master/CHANGELOG.md
Release Notes
Third Party Advisory
https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6
Third Party Advisory
https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released
Release Notes
Vendor Advisory
https://github.com/flarum/core/blob/master/CHANGELOG.md
Release Notes
Third Party Advisory
https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:flarum:flarum:0.1.0:-:*:*:*:*:*:*

cpe:2.3:a:flarum:flarum:0.1.0:beta2:*:*:*:*:*:*

cpe:2.3:a:flarum:flarum:0.1.0:beta3:*:*:*:*:*:*

cpe:2.3:a:flarum:flarum:0.1.0:beta4:*:*:*:*:*:*

cpe:2.3:a:flarum:flarum:0.1.0:beta5:*:*:*:*:*:*

cpe:2.3:a:flarum:flarum:0.1.0:beta6:*:*:*:*:*:*

cpe:2.3:a:flarum:flarum:0.1.0:beta7:*:*:*:*:*:*

cpe:2.3:a:flarum:flarum:0.1.0:beta7.1:*:*:*:*:*:*

cpe:2.3:a:flarum:flarum:0.1.0:beta7.2:*:*:*:*:*:*

cpe:2.3:a:flarum:flarum:0.1.0:beta8:*:*:*:*:*:*

cpe:2.3:a:flarum:flarum:0.1.0:beta8.1:*:*:*:*:*:*

cpe:2.3:a:flarum:flarum:0.1.0:beta8.2:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.002

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

EPSS

Процентиль: 42%

0.002

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352