CVE-2022-39268

🗓️ 30 Sep 2022 20:25:10Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 50 Views

In a CSRF attack, an innocent end user is tricked into submitting a web request, causing actions including data leakage, session state change, and account manipulation. Upgrade to v2022.09.10 to patch this vulnerability

Reporter	Title	Published	Views	Family All 9
CNNVD	orchest 跨站请求伪造漏洞	30 Sep 202200:00	–	cnnvd
Cvelist	CVE-2022-39268 orchest vulnerable to cross-site request forgery that allows control of a user instance	30 Sep 202220:25	–	cvelist
EUVD	EUVD-2022-41775	3 Oct 202520:07	–	euvd
NVD	CVE-2022-39268	30 Sep 202221:15	–	nvd
OSV	CVE-2022-39268 orchest vulnerable to cross-site request forgery that allows control of a user instance	30 Sep 202220:25	–	osv
Prion	Design/Logic Flaw	30 Sep 202221:15	–	prion
Positive Technologies	PT-2022-24857 · Orchest · Orchest	30 Sep 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-39268	5 Feb 202519:34	–	redhatcve
Vulnrichment	CVE-2022-39268 orchest vulnerable to cross-site request forgery that allows control of a user instance	30 Sep 202220:25	–	vulnrichment

NVD

Vulners

Node

orchest orchestRange2022.03.7–2022.09.9

[
  {
    "product": "orchest",
    "vendor": "orchest",
    "versions": [
      {
        "status": "affected",
        "version": ">=v2022.03.7"
      },
      {
        "status": "affected",
        "version": "<=v2022.09.9"
      }
    ]
  }
]

Source	Link
github	www.github.com/orchest/orchest/pull/1324
github	www.github.com/orchest/orchest/security/advisories/GHSA-q44f-8jpw-qv4j
github	www.github.com/orchest/orchest/releases/tag/v2022.09.10
github	www.github.com/orchest/orchest/commit/c2587a963cca742c4a2503bce4cfb4161bf64c2d

21 Nov 2024 07:17Current

8High risk

Vulners AI Score8

CVSS 3.18.1

EPSS0.00197

SSVC

CWE-352