Lucene search
GoogleOSV:CVE-2021-29435HistoryApr 13, 2021 - 8:15 p.m.
CVE-2021-29435
2021-04-1320:15:21
Google
osv.dev
3
0.001 Low
EPSS
Percentile
29.0%
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails’ built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially allows an attacker to alter protected data, including admin account credentials. The vulnerability has been fixed in trestle-auth 0.4.2 released to RubyGems.
| CPE | Name | Operator | Version |
|---|---|---|---|
| trestle-auth | eq | 0.2.0 | |
| trestle-auth | eq | 0.2.4 | |
| trestle-auth | eq | 0.2.5 | |
| trestle-auth | eq | 0.4.0 | |
| trestle-auth | eq | 0.2.3 | |
| trestle-auth | eq | 0.2.1 | |
| trestle-auth | eq | 0.4.1 | |
| trestle-auth | eq | 0.2.2 | |
| trestle-auth | eq | 0.3.0 |
Related
prion
prion
Design/Logic Flaw
2021-04-13 20:15:00
cve
cve
CVE-2021-29435
2021-04-13 20:15:21
cvelist
cvelist
CVE-2021-29435 Cross-Site Request Forgery (CSRF) in trestle-auth
2021-04-13 17:00:21
veracode
veracode
Cross-site Request Forgery (CSRF)
2021-04-14 06:53:40
osv
osv
Cross-Site Request Forgery (CSRF) in trestle-auth
2021-04-13 17:01:50
github
github
Cross-Site Request Forgery (CSRF) in trestle-auth
2021-04-13 17:01:50
nvd
nvd
CVE-2021-29435
2021-04-13 20:15:21