CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.001 Low
Percentile: 29.5%

A Cross-Site Request Forgery (CSRF) flaw was found in Oauth2. This issue exists due to the state parameter being statically generated at startup time and used across all requests for all users. An attacker could use the value of the state parameter to create forged requests on behalf of other users or other sessions of the same user.
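
The flaw described above, next to the corrected pattern, as an added example that is not code from the advisory or from the affected project. The session dictionaries and all function names are hypothetical; the corrected version generates a fresh state per authorization request, binds it to the session, and accepts it once.

```python
import hmac
import secrets

# Flawed pattern from the description: one state value created at startup
# and reused for every user and every request.
STATIC_STATE = secrets.token_urlsafe(32)

def begin_login_static(session: dict) -> str:
    return STATIC_STATE

def check_callback_static(session: dict, returned_state: str) -> bool:
    return hmac.compare_digest(STATIC_STATE.encode(), returned_state.encode())

# Corrected pattern: a fresh value per authorization request, stored in the
# caller's own session (a plain dict stands in for a server-side session).
def begin_login(session: dict) -> str:
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    return state

def check_callback(session: dict, returned_state: str) -> bool:
    # pop() makes the value single use, so a replayed callback fails.
    expected = session.pop("oauth_state", None)
    if not expected or not returned_state:
        return False
    # Constant-time comparison on bytes; works for any input string.
    return hmac.compare_digest(expected.encode(), returned_state.encode())

def regression_check() -> dict:
    """Run both patterns over two constructed sessions and report results."""
    user_a, user_b = {}, {}
    # Static state: the value issued in one session validates in another.
    issued = begin_login_static(user_a)
    begin_login_static(user_b)
    static_cross = check_callback_static(user_b, issued)
    # Per-session state: only the originating session accepts it, once.
    a_state = begin_login(user_a)
    begin_login(user_b)
    return {
        "static_cross_session": static_cross,
        "bound_cross_session": check_callback(user_b, a_state),
        "bound_own_session": check_callback(user_a, a_state),
        "bound_replay": check_callback(user_a, a_state),
        "bound_missing": check_callback({}, ""),
    }

if __name__ == "__main__":
    print(regression_check())
```

A check like `regression_check` can be kept as a regression test: it fails if state handling ever reverts to a shared value.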