Lucene search

[email protected]NVD:CVE-2021-41260

HistoryDec 16, 2021 - 6:15 p.m.

CVE-2021-41260

2021-12-1618:15:08

CWE-352

[email protected]

web.nvd.nist.gov

galette

membership

web application

cross site request forgery

upgrade

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

41.6%

JSON

Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue.

Affected configurations

Nvd

Node

galettegaletteRange<0.9.6

VendorProductVersionCPE
galettegalette*cpe:2.3:a:galette:galette:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
galette	galette	*	cpe:2.3:a:galette:galette::::::::

References

github.com/galette/galette/commit/a5602bca2566f1be370631c3ab2d40feedd4b3ad

github.com/galette/galette/security/advisories/GHSA-hw28-c7px-xqm5

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

41.6%

JSON

Related for NVD:CVE-2021-41260

cvelist1 cve1 prion1 ubuntucve1 osv1 cnvd1