Описание
Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | DNE | |
| cosmic | not-affected | 1.30.4+dfsg-1 |
| devel | not-affected | 1.30.4+dfsg-1 |
| disco | not-affected | 1.30.4+dfsg-1 |
| eoan | not-affected | 1.30.4+dfsg-1 |
| esm-apps/focal | not-affected | 1.30.4+dfsg-1 |
| esm-apps/jammy | not-affected | 1.30.4+dfsg-1 |
| esm-apps/noble | not-affected | 1.30.4+dfsg-1 |
| esm-apps/xenial | needed |
Показывать по
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.
Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and ...
Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3