Lucene search

[email protected]NVD:CVE-2023-46699

HistoryDec 26, 2023 - 8:15 a.m.

CVE-2023-46699

2023-12-2608:15:10

CWE-352

[email protected]

web.nvd.nist.gov

cve-2023-46699

cross-site request forgery

user settings

growi versions

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user’s intention.

Affected configurations

NVD

Node

weseekgrowiRange<6.0.0

References

jvn.jp/en/jp/JVN18715935/

weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for NVD:CVE-2023-46699

osv1 cvelist1 prion1 cve1 jvn1