Количество 2
Количество 2
CVE-2023-25569
Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cookie SameSite strategy was set to Lax in version 2.1.0. As a workaround, avoid visiting unknown source pages.
GHSA-fmxq-v8mg-qh25
apollo-portal has potential CSRF issue
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-25569 Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cookie SameSite strategy was set to Lax in version 2.1.0. As a workaround, avoid visiting unknown source pages. | CVSS3: 5.7 | 0% Низкий | почти 3 года назад |
| GHSA-fmxq-v8mg-qh25 apollo-portal has potential CSRF issue | CVSS3: 5.7 | 0% Низкий | почти 3 года назад |
Уязвимостей на страницу