Lucene search

K
githubGitHub Advisory DatabaseGHSA-R2VQ-P658-P274
HistoryFeb 13, 2023 - 9:31 p.m.

SameSite Attribute vulnerability in pimCore

2023-02-1321:31:03
GitHub Advisory Database
github.com
9
samesite attribute
pimcore
arbitrary code execution
vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.2%

An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code.

Affected configurations

Vulners
Node
pimcorepimcoreRange<10.5.16

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.2%

Related for GHSA-R2VQ-P658-P274