Moderate severity vulnerability that affects Kotti

2018-07-12T20:30:30
ID GHSA-3HQ4-F2V6-Q338
Type github
Reporter GitHub Advisory Database
Modified 2021-06-11T15:18:09

Description

Kotti before 1.3.2 and 2.x before 2.0.0b2 has a cross-site request forgery (CSRF) vulnerability in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request.