3 matches found
CVE-2026-48518
Affected software: MultiJuicer (versions 8.0.0–10.0.0) running on a central Kubernetes deployment. Vulnerability: CSRF in the team join endpoint (POST /multi-juicer/api/teams/{team}/join) that accepts any Content-Type, bypassing CORS preflight and enabling a cross-site form to force a victim to j...
CVE-2026-48518 MultiJuicer: Login CSRF allows attacker to force victims into their team
MultiJuicer is used to run separate Juice Shop instances on a central kubernetes cluster without the need for local instances. In versions 8.0.0 through 10.0.0, the team join endpoint POST /multi-juicer/api/teams/team/join accepted requests with any Content-Type, including text/plain. Because tha...
PT-2026-49470
Name of the Vulnerable Software and Affected Versions MultiJuicer versions 8.0.0 through 10.0.0 Description The team join endpoint 'POST /multi-juicer/api/teams/team/join' accepts requests with any Content-Type, including text/plain. Since this content type does not trigger a Cross-Origin Resourc...