CVE-2024-27474

Опубликовано: 10 апр. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators.

Ссылки

https://drive.proton.me/urls/67VER05Z84#f0fXnmp8o6Y9
Broken Link
https://github.com/Leantime/leantime/blob/264a7dbc2c9b18f574821bf27dd568a287ee8498/app/Domain/Users/Controllers/NewUser.php#L16
Product
https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md
Exploit
Third Party Advisory
https://drive.proton.me/urls/67VER05Z84#f0fXnmp8o6Y9
Broken Link
https://github.com/Leantime/leantime/blob/264a7dbc2c9b18f574821bf27dd568a287ee8498/app/Domain/Users/Controllers/NewUser.php#L16
Product
https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:leantime:leantime:3.0.6:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00365

Низкий

8.8 High

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-rfq8-469g-mx7f