Lucene search

MitreCVE-2024-22859

HistoryFeb 01, 2024 - 7:15 a.m.

CVE-2024-22859

2024-02-0107:15:08

CWE-352

mitre

web.nvd.nist.gov

cve-2024-22859

cross-site request forgery

csrf

livewire

vulnerability

nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.9%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes for legitimate client activity), not a security problem.

Affected configurations

Nvd

Node

laravellivewireRange<3.0.4wordpress

VendorProductVersionCPE
laravellivewire*cpe:2.3:a:laravel:livewire:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
laravel	livewire	*	cpe:2.3:a:laravel:livewire::::::wordpress::*

References

github.com/github/advisory-database/pull/3490

github.com/livewire/livewire/commit/5d887316f2aaf83c0e380ac5e72766f19700fa3b

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.9%

JSON

Related for CVE-2024-22859