Описание
nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.5.9 (исключая)
cpe:2.3:a:naver:ngrinder:*:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00329
Низкий
7.5 High
CVSS3
Дефекты
CWE-862
CWE-862
Связанные уязвимости
CVSS3: 7.5
github
почти 2 года назад
nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.
EPSS
Процентиль: 55%
0.00329
Низкий
7.5 High
CVSS3
Дефекты
CWE-862
CWE-862