Lucene search

[email protected]CVE-2023-46375

HistoryOct 27, 2023 - 1:15 a.m.

CVE-2023-46375

2023-10-2701:15:32

CWE-352

[email protected]

web.nvd.nist.gov

zentao biz

4.1.3

csrf

vulnerability

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON

ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF).

Affected configurations

NVD

Node

zentaobizRange≤4.1.3enterprise

CPENameOperatorVersion
zentao:bizzentao bizle4.1.3

CPE	Name	Operator	Version
zentao:biz	zentao biz	le	4.1.3

References

narrow-payment-2cd.notion.site/zentao-4-1-3-is-vulnerable-to-csrf-CVE-2023-46375-2d9d9fc2371f483eb436af20508df915

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON

Related for CVE-2023-46375

cvelist1 prion1 nvd1