CVE-2022-0226

MEDIUM4.3EPSS 0.12%

Cross-Site Request Forgery (CSRF) in livehelperchat

發布日:2022/1/26修改日:2023/12/6

也稱為:GHSA-6jmh-9gqm-5xrxBIT-livehelperchat-2022-0226

描述

A CSRF issue is found in the audit configuration under settings. It was found that no CSRF token validation is getting done on the server-side. If we remove the CSRF token and keep the CSRF token field empty, the action is getting performed.

受影響套件(2)

Bitnami/livehelperchatfrom 0, < 2.0.0
Packagist/remdex/livehelperchatfrom 0, < 3.92

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-0226
PATCHhttps://github.com/livehelperchat/livehelperchat
WEBhttps://github.com/livehelperchat/livehelperchat/commit/f59ffb02984c0ce2fbb19ac39365066507de9370
WEBhttps://huntr.dev/bounties/635d0abf-7680-47f6-a277-d9a91471c73f