AttackerKB: AKB:EC152C24-A152-4771-AE48-D77194B7D5E0
Aug 03, 2021 - 12:00 a.m.

PEEL-CSRF


EPSS: 0.006 (Low)

Percentile: 78.4%

The request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right; however, it may facilitate the exploitation of other vulnerabilities affecting application users. The original request contains parameters that look like they may be anti-CSRF tokens. However, the request is successful if these parameters are removed.
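The failure mode described above, a token parameter that is present in the form but not required by the server, shown beside a fail-closed check. This is an added example, not code from the AttackerKB entry or from PEEL; the field name `csrf_token`, the HMAC construction and the session binding are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumptions (not from the page): the field name "csrf_token", the HMAC
# construction, and binding the token to a session identifier.
SERVER_KEY = secrets.token_bytes(32)

def issue_token(session_id: str) -> str:
    """Derive the expected token for one session from a server-side key."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def check_token_weak(session_id: str, form: dict) -> bool:
    """Flawed pattern: the token is verified only when the field is present."""
    token = form.get("csrf_token")
    if token is None:
        return True  # a request with the parameter removed skips the check
    return hmac.compare_digest(token.encode(), issue_token(session_id).encode())

def check_token_strict(session_id: str, form: dict) -> bool:
    """Fail closed: a missing, empty or mismatched token rejects the request."""
    token = form.get("csrf_token")
    if not isinstance(token, str) or not token:
        return False
    return hmac.compare_digest(token.encode(), issue_token(session_id).encode())

def audit(check, session_id: str = "sess-A") -> dict:
    """Run a check over constructed request variants; True means accepted."""
    variants = {
        "valid": {"csrf_token": issue_token(session_id), "qty": "1"},
        "removed": {"qty": "1"},
        "empty": {"csrf_token": "", "qty": "1"},
        "other_session": {"csrf_token": issue_token("sess-B"), "qty": "1"},
    }
    return {name: check(session_id, form) for name, form in variants.items()}

if __name__ == "__main__":
    print("weak  :", audit(check_token_weak))
    print("strict:", audit(check_token_strict))
```

The same four variants make a compact regression test for any state-changing endpoint: only the `valid` request should be accepted.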

Recent assessments:

nu11secur1ty at July 31, 2021 5:39pm UTC reported:

The request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right; however, it may facilitate the exploitation of other vulnerabilities affecting application users. The original request contains parameters that look like they may be anti-CSRF tokens. However, the request is successful if these parameters are removed.

Reproduce:

<https://github.com/nu11secur1ty/CVE-mitre/tree/main/PEEL-CSRF>

Proof:

<https://streamable.com/jzts59>

Assessed Attacker Value: 5
Assessed Attacker Value: 3
