Lucene search

K
prionPRIOn knowledge basePRION:CVE-2020-11818
HistoryApr 16, 2020 - 7:15 p.m.

Cross site request forgery (csrf)

2020-04-1619:15:00
PRIOn knowledge base
www.prio-n.com
5

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.0%

In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechanism can be bypassed with another user’s valid token. Thus, an attacker can change the Admin password by using a CSRF attack and escalate his/her privileges.

CPENameOperatorVersion
rukovoditeleq2.5.2

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.0%

Related for PRION:CVE-2020-11818