CVE-2023-0870 Form Can Be Manipulated with Cross-Site Request Forgery (CSRF)

🗓️ 22 Mar 2023 18:16:42Reported by OpenNMSType

CVE-2023-0870 Form manipulation via CSRF in OpenNMS Meridian and Horizo

Reporter	Title	Published	Views	Family All 11
CNNVD	Opennms Group OpenNMS 跨站请求伪造漏洞	22 Mar 202300:00	–	cnnvd
CVE	CVE-2023-0870	22 Mar 202318:16	–	cve
EUVD	EUVD-2023-1053	3 Oct 202520:07	–	euvd
Github Security Blog	OpenNMS Meridian and Horizon vulnerable to Cross-Site Request Forgery	22 Mar 202321:30	–	github
NVD	CVE-2023-0870	22 Mar 202319:15	–	nvd
OSV	GHSA-JXR6-7QG5-8WV6 OpenNMS Meridian and Horizon vulnerable to Cross-Site Request Forgery	22 Mar 202321:30	–	osv
Prion	Cross site request forgery (csrf)	22 Mar 202319:15	–	prion
Positive Technologies	PT-2023-16574 · Opennms · Opennms Meridian +1	22 Mar 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-0870	23 May 202504:40	–	redhatcve
SUSE CVE	SUSE CVE-2023-0870	31 Mar 202301:57	–	susecve

[
  {
    "defaultStatus": "unknown",
    "modules": [
      "form"
    ],
    "platforms": [
      "Linux",
      "Windows",
      "MacOS"
    ],
    "product": "Meridian",
    "repo": "https://github.com/OpenNMS",
    "vendor": "The OpenNMS Group ",
    "versions": [
      {
        "lessThan": "2020.1.33",
        "status": "affected",
        "version": "2020.1.0",
        "versionType": "git"
      },
      {
        "lessThan": "2021.1.25",
        "status": "affected",
        "version": "2021.1.0 ",
        "versionType": "git"
      },
      {
        "lessThan": "2022.1.14",
        "status": "affected",
        "version": "2022.1.0",
        "versionType": "git"
      },
      {
        "lessThan": "2023.1.1",
        "status": "affected",
        "version": "2023.1.0",
        "versionType": "git"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "modules": [
      "form"
    ],
    "platforms": [
      "Windows",
      "Linux",
      "MacOS"
    ],
    "product": "Horizon",
    "repo": "https://github.com/OpenNMS",
    "vendor": "The OpenNMS Group",
    "versions": [
      {
        "status": "unaffected",
        "version": "31.0.6"
      }
    ]
  }
]

Source	Link
docs	www.docs.opennms.com/meridian/2023/releasenotes/changelog.html
github	www.github.com/OpenNMS/opennms/pull/5835/files

22 Mar 2023 18:16Current

8.4High risk

Vulners AI Score8.4

CVSS 3.18.1

EPSS0.00081

CWE-352