Lucene search

@huntrdevCVE-2023-5687

HistoryOct 20, 2023 - 5:15 p.m.

CVE-2023-5687

2023-10-2017:15:08

CWE-352

@huntrdev

web.nvd.nist.gov

cve-2023-5687

cross-site request forgery

csrf

github

mosparo

nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

29.0%

JSON

Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3.

Affected configurations

Nvd

Node

mosparomosparoRange<1.0.3

VendorProductVersionCPE
mosparomosparo*cpe:2.3:a:mosparo:mosparo:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mosparo	mosparo	*	cpe:2.3:a:mosparo:mosparo::::::::

CNA Affected

[
  {
    "vendor": "mosparo",
    "product": "mosparo/mosparo",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.0.3",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/mosparo/mosparo/commit/fb3ac528b7548beb802182310967968a21c1354a

huntr.com/bounties/33f95510-cdee-460e-8e61-107874962f2d

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

29.0%

JSON

Related for CVE-2023-5687