CVE-2022-23052

Опубликовано: 03 мар. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application.

Ссылки

https://fluidattacks.com/advisories/jett/
Exploit
Issue Tracking
Third Party Advisory
https://github.com/1modm/petereport/issues/34
Exploit
Issue Tracking
Third Party Advisory
https://fluidattacks.com/advisories/jett/
Exploit
Issue Tracking
Third Party Advisory
https://github.com/1modm/petereport/issues/34
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:petereport_project:petereport:0.5:*:*:*:*:*:*:*

EPSS

Процентиль: 28%

0.00098

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-mvf8-mv9q-4hv5