Lucene search

[email protected]NVD:CVE-2021-39394

HistoryAug 26, 2022 - 1:15 p.m.

CVE-2021-39394

2022-08-2613:15:08

CWE-352

[email protected]

web.nvd.nist.gov

mm-wiki cross-site request forgery vulnerability csrf arbitrary user modification

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

26.3%

JSON

mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information.

Affected configurations

Nvd

Node

mm-wiki_projectmm-wikiMatch0.2.1

VendorProductVersionCPE
mm-wiki_projectmm-wiki0.2.1cpe:2.3:a:mm-wiki_project:mm-wiki:0.2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mm-wiki_project	mm-wiki	0.2.1	cpe:2.3:a:mm-wiki_project:mm-wiki:0.2.1:::::::*

References

github.com/phachon/mm-wiki/issues/316

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

26.3%

JSON

Related for NVD:CVE-2021-39394

prion1 cve1 osv1 cvelist1