3 matches found
CVE-2021-29435
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially...
CVE-2021-29435
CVE-2021-29435 affects the trestle-auth Ruby gem (versions 0.4.0 and 0.4.1) used with the Trestle admin framework. The issue allows an attacker to craft a form that bypasses Rails CSRF protection when submitted by a victim who has a trestle-auth admin session, potentially enabling alteration of p...
CVE-2021-29435 Cross-Site Request Forgery (CSRF) in trestle-auth
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially...