b2luigi (>=0.3.1 <=0.5.0), py-rate (>=0.1.2 <=0.2.0) potentially affected by CVE-2018-1000843 via luigi (>=1.3.0 <=2.7.8)

luigi PYPI version =1.3.0, =0.3.1, =0.1.2, =0.2.0 Source cves: CVE-2018-1000843 Source advisory: OSV:GHSA-P69G-F978-XXV9...

b2luigi (>=0.3.1 <=0.5.0), py-rate (>=0.1.2 <=0.2.0) potentially affected by CVE-2018-1000843 via luigi (>=1.3.0 <=2.7.8)

luigi PYPI version =1.3.0, =0.3.1, =0.1.2, =0.2.0 Source cves: CVE-2018-1000843 Source advisory: OSV:PYSEC-2018-11...

CVE-2018-1000843

CVE-2018-1000843 affects Luigi prior to 2.8.0. The root issue is a CSRF vulnerability in the API endpoint /api/ that can cause leakage of Task metadata (name, id, parameters, etc.) to unauthorized users. Exploitation requires the victim to visit a specially crafted webpage from a network where th...