Lucene search
GitHub Advisory DatabaseGHSA-697V-PXG3-J262HistoryJul 15, 2022 - 8:55 p.m.
Togglz console missing cross-site request forgery (CSRF) protection
2022-07-1520:55:21
CWE-352
GitHub Advisory Database
github.com
19
togglz
console
csrf
protection
attacker
java
version 2.9.4
software
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
49.8%
Togglz is an implementation of the Feature Toggles pattern for Java. There is no CSRF protection in the togglz console and could allow an attacker to guess the CSRF token value. Version 2.9.4 adds the necessary CSRF protection.
Affected configurations
Node
org.togglztogglz-consoleRange<2.9.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| org.togglz | togglz-console | * | cpe:2.3:a:org.togglz:togglz-console:*:*:*:*:*:*:*:* |
Related
osv
osv
CVE-2020-28191
2022-12-26 22:15:10
Togglz console missing cross-site request forgery (CSRF) protection
2022-07-15 20:55:21
cvelist
cvelist
CVE-2020-28191
2022-12-26 00:00:00
nvd
nvd
CVE-2020-28191
2022-12-26 22:15:10
veracode
veracode
Cross-site Request Forgery (CSRF)
2022-07-18 06:30:41
prion
prion
Cross site request forgery (csrf)
2022-12-26 22:15:00
cve
cve
CVE-2020-28191
2022-12-26 22:15:10
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
49.8%
Related for GHSA-697V-PXG3-J262