Lucene search
+L

6 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.5 views

SUSE CVE-2020-8166

A CSRF forgery vulnerability exists in rails 5.2.5, rails 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticitytoken meta tag, forge a per-form CSRF token...

3.7CVSS6.8AI score0.01673EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2021/04/21 1:15 p.m.5 views

rubygem-actionpack: ability to forge per-form CSRF tokens given a global CSRF token

A flaw was found in rubygem-actionpack. Forgery of a per-form CSRF token is possible allowing for any action to take place for that session. The highest threat from this vulnerability is to data integrity...

4.3CVSS6.7AI score0.01673EPSS
Exploits1References4
OSV
OSV
added 2020/07/02 7:15 p.m.3 views

DEBIAN-CVE-2020-8166

A CSRF forgery vulnerability exists in rails 5.2.5, rails 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticitytoken meta tag, forge a per-form CSRF token...

4.3CVSS6AI score0.01673EPSS
Exploits1References1
OSV
OSV
added 2020/07/02 7:15 p.m.5 views

UBUNTU-CVE-2020-8166

A CSRF forgery vulnerability exists in rails 5.2.5, rails 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticitytoken meta tag, forge a per-form CSRF token...

4.3CVSS6.8AI score0.01673EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2020/07/02 6:35 p.m.65 views

CVE-2020-8166

A CSRF forgery vulnerability exists in rails 5.2.5, rails 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticitytoken meta tag, forge a per-form CSRF token...

4.3CVSS5.8AI score0.01673EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2020/05/26 3:11 p.m.80 views

Ability to forge per-form CSRF tokens in Rails

It is possible to, given a global CSRF token such as the one present in the authenticitytoken meta tag, forge a per-form CSRF token for any action for that session. Impact ------ Given the ability to extract the global CSRF token, an attacker would be able to construct a per-form CSRF token for...

4.3CVSS5.3AI score0.01673EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder