CVE-2023-7038

MEDIUM4.3EPSS 0.14%

Cross-Site Request Forgery (CSRF) in automad/automad

發布日:2023/12/21修改日:2024/8/19

描述

automad up to 1.10.9 does not implement anti-CSRF tokens by default, making it vulnerable Cross-Site Request Forgery (CSRF). An attacker may exploit this vulnerability to force an admin into creating or deleting users. An exploit has been disclosed publicly.

受影響套件(1)

Packagist/automad/automadfrom 0, < 2.0.0-alpha.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-7038
PATCHhttps://github.com/marcantondahmen/automad
WEBhttps://github.com/screetsec/VDD/tree/main/Automad%20CMS/Cross-Site%20Request%20Forgery%20(CSRF)
WEBhttps://vuldb.com/?ctiid.248687
WEBhttps://vuldb.com/?id.248687