Lucene search
GoogleOSV:GHSA-697V-PXG3-J262HistoryJul 15, 2022 - 8:55 p.m.
Togglz console missing cross-site request forgery (CSRF) protection
2022-07-1520:55:21
Google
osv.dev
13
togglz
feature toggles pattern
java
csrf
protection
attacker
csrf token
version 2.9.4
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
49.8%
Togglz is an implementation of the Feature Toggles pattern for Java. There is no CSRF protection in the togglz console and could allow an attacker to guess the CSRF token value. Version 2.9.4 adds the necessary CSRF protection.
Related
osv
osv
CVE-2020-28191
2022-12-26 22:15:10
cvelist
cvelist
CVE-2020-28191
2022-12-26 00:00:00
nvd
nvd
CVE-2020-28191
2022-12-26 22:15:10
github
github
Togglz console missing cross-site request forgery (CSRF) protection
2022-07-15 20:55:21
veracode
veracode
Cross-site Request Forgery (CSRF)
2022-07-18 06:30:41
prion
prion
Cross site request forgery (csrf)
2022-12-26 22:15:00
cve
cve
CVE-2020-28191
2022-12-26 22:15:10
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
49.8%
Related for OSV:GHSA-697V-PXG3-J262