Описание
In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules.
Ссылки
- https://github.com/AdguardTeam/AdGuardHome/blob/v0.108.0-b.13/internal/home/controlfiltering.go#L265ExploitThird Party Advisory
- ExploitThird Party Advisory
- https://github.com/AdguardTeam/AdGuardHome/blob/v0.108.0-b.13/internal/home/controlfiltering.go#L265ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 0.95 (включая) до 0.108 (исключая)
Одно из
cpe:2.3:a:adguard:adguardhome:*:*:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:-:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta1:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta10:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta11:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta12:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta2:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta3:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta4:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta5:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta6:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta7:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta8:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta9:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00104
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 4.3
github
больше 3 лет назад
AdGuardHome vulnerable to Cross-Site Request Forgery
EPSS
Процентиль: 29%
0.00104
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-352