Lucene search

[email protected]NVD:CVE-2023-38885

HistoryNov 20, 2023 - 7:15 p.m.

CVE-2023-38885

2023-11-2019:15:08

CWE-352

[email protected]

web.nvd.nist.gov

opensis

csrf

vulnerability

authentication

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

25.4%

JSON

OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request.

Affected configurations

Nvd

Node

os4edopensisMatch9.0community

VendorProductVersionCPE
os4edopensis9.0cpe:2.3:a:os4ed:opensis:9.0:*:*:*:community:*:*:*

Vendor	Product	Version	CPE
os4ed	opensis	9.0	cpe:2.3:a:os4ed:opensis:9.0::::community:::

References

github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38885

github.com/OS4ED/openSIS-Classic

www.os4ed.com/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

25.4%

JSON

Related for NVD:CVE-2023-38885

cve1 osv1 cvelist1 prion1