Описание
A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server.
Ссылки
- Issue TrackingVendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:3ds:teamwork_cloud_no_magic_release:2021x:*:*:*:business:*:*:*
cpe:2.3:a:3ds:teamwork_cloud_no_magic_release:2022x:*:*:*:business:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:3ds:teamwork_cloud_no_magic_release:2021x:*:*:*:enterprise:*:*:*
cpe:2.3:a:3ds:teamwork_cloud_no_magic_release:2022x:*:*:*:enterprise:*:*:*
Конфигурация 3
Одно из
cpe:2.3:a:3ds:teamwork_cloud_no_magic_release:2021x:*:*:*:business_pro:*:*:*
cpe:2.3:a:3ds:teamwork_cloud_no_magic_release:2022x:*:*:*:business_pro:*:*:*
Конфигурация 4
Одно из
cpe:2.3:a:3ds:teamwork_cloud_no_magic_release:2021x:*:*:*:standard:*:*:*
cpe:2.3:a:3ds:teamwork_cloud_no_magic_release:2022x:*:*:*:standard:*:*:*
EPSS
Процентиль: 36%
0.00155
Низкий
6.8 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-352
CWE-352
Связанные уязвимости
CVSS3: 6.4
github
больше 2 лет назад
A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to send a specifically crafted query to the server.
EPSS
Процентиль: 36%
0.00155
Низкий
6.8 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-352
CWE-352