Lucene search

GoogleOSV:CVE-2023-5893

HistoryNov 01, 2023 - 1:15 a.m.

CVE-2023-5893

2023-11-0101:15:07

Google

osv.dev

cve-2023-5893

cross-site request forgery

github

repository

pkp/pkp-lib

software

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CPENameOperatorVersion
pkp-libeqojs-3_0b1
pkp-libeqojs-2_3_3-0
pkp-libeqomp-3_1_0-0
pkp-libeqharvester-2_3_0b1
pkp-libeq3_3_0-11
pkp-libeq3_2_0-1
pkp-libeq3_3_0-2
pkp-libeqomp-1_2_0-0
pkp-libeqomp-0_9_9-0
pkp-libeq3_3_0-4

Name	Operator	Version
pkp-lib	eq	ojs-3_0b1
pkp-lib	eq	ojs-2_3_3-0
pkp-lib	eq	omp-3_1_0-0
pkp-lib	eq	harvester-2_3_0b1
pkp-lib	eq	3_3_0-11
pkp-lib	eq	3_2_0-1
pkp-lib	eq	3_3_0-2
pkp-lib	eq	omp-1_2_0-0
pkp-lib	eq	omp-0_9_9-0
pkp-lib	eq	3_3_0-4

Rows per page:

1-10 of 361

References

github.com/pkp/pkp-lib/commit/992ca674e9fb705751b1cbf929a1856ebe29b30a

huntr.com/bounties/a965aa16-79ce-4185-8f58-3d3b0d74a71e

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON

Related for OSV:CVE-2023-5893