Lucene search

[email protected]NVD:CVE-2021-46028

HistoryJan 20, 2022 - 12:15 a.m.

CVE-2021-46028

2022-01-2000:15:08

CWE-352

[email protected]

web.nvd.nist.gov

cve-2021-46028

csrf vulnerability

mblog

article management

administrator

malicious link

article deletion

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

28.1%

JSON

In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, the article will be deleted.

Affected configurations

Nvd

Node

mblog_projectmblogRange≤3.5.0

VendorProductVersionCPE
mblog_projectmblog*cpe:2.3:a:mblog_project:mblog:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mblog_project	mblog	*	cpe:2.3:a:mblog_project:mblog::::::::

References

github.com/langhsu/mblog/issues/50

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

28.1%

JSON

Related for NVD:CVE-2021-46028

cvelist1 prion1 osv1 cve1