Lucene search
PRIOn knowledge basePRION:CVE-2018-1000843HistoryDec 20, 2018 - 3:29 p.m.
Cross site request forgery (csrf)
2018-12-2015:29:00
PRIOn knowledge base
www.prio-n.com
2
0.003 Low
EPSS
Percentile
68.8%
Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery (CSRF) vulnerability in API endpoint: /api/<method> that can result in Task metadata such as task name, id, parameter, etc. will be leaked to unauthorized users. This attack appear to be exploitable via The victim must visit a specially crafted webpage from the network where their Luigi server is accessible… This vulnerability appears to have been fixed in 2.8.0 and later.
Related
osv
osv
PYSEC-2018-11
2018-12-20 15:29:00
CVE-2018-1000843
2018-12-20 15:29:02
Cross-Site Request Forgery (CSRF) in Luigi
2018-12-20 22:01:39
github
github
Cross-Site Request Forgery (CSRF) in Luigi
2018-12-20 22:01:39
cve
cve
CVE-2018-1000843
2022-10-03 16:21:58
veracode
veracode
Cross-site Request Forgery (CSRF)
2018-12-21 05:59:27
nvd
nvd
CVE-2018-1000843
2018-12-20 15:29:02
cvelist
cvelist
CVE-2018-1000843
2022-10-03 16:21:58