Cross site request forgery (csrf)

2023-06-2213:15:00

PRIOn knowledge base

www.prio-n.com

cross-site request forgery

casdoor v1.331.0

vulnerability

password change

crafted url

0.021 Low

EPSS

Percentile

89.2%

JSON

Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user’s password via supplying a crafted URL.

CPENameOperatorVersion
casdoorle1.331.0

CPE	Name	Operator	Version
	casdoor	le	1.331.0

References

casdoor.org/

gist.github.com/omriman067/4e90a3a4ffa40984f011d8777a995469

github.com/casdoor/casdoor/issues/1531

0.021 Low

EPSS

Percentile

89.2%

JSON

Related for PRION:CVE-2023-34927