Lucene search

GitHub Advisory DatabaseGHSA-FG52-RC36-JP43

HistoryMay 17, 2022 - 2:45 a.m.

baserCMS Cross Site Request Forgery vulnerability

2022-05-1702:45:13

CWE-352

GitHub Advisory Database

github.com

cross-site request forgery

basercms

remote attackers

authentication hijack

administrators

software

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

61.9%

JSON

Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Affected configurations

Vulners

Node

baserprojectbasercmsRange≤3.0.10

VendorProductVersionCPE
baserprojectbasercms*cpe:2.3:a:baserproject:basercms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
baserproject	basercms	*	cpe:2.3:a:baserproject:basercms::::::::

References

basercms.net/security/JVN92765814

github.com/advisories/GHSA-fg52-rc36-jp43

jvn.jp/en/jp/JVN92765814/index.html

nvd.nist.gov/vuln/detail/CVE-2016-4878

web.archive.org/web/20210308130052/www.securityfocus.com/bid/93217

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

61.9%

JSON

Related for GHSA-FG52-RC36-JP43