12 matches found
CVE-2021-29435
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially...
Cross-site Request Forgery (CSRF)
Overview trestle-auth is an authentication plugin for the Trestle admin framework. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF. An attacker can create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth adm...
Cross-site Request Forgery (CSRF)
trestle-auth is vulnerable to cross-site request forgery. An attacker is able to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session, allowing to alter protected data, including admin account credentials...
Cross-Site Request Forgery (CSRF) in trestle-auth
Impact A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially allows an attacker to alter protected data, including admin account...
CVE-2021-29435
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially...
CVE-2021-29435
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially...
Design/Logic Flaw
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially...
Cross-Site Request Forgery (CSRF) in trestle-auth
Impact A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially allows an attacker to alter protected data, including admin account...
GHSA-H8HX-2C5R-32CF Cross-Site Request Forgery (CSRF) in trestle-auth
Impact A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially allows an attacker to alter protected data, including admin account...
CVE-2021-29435 Cross-Site Request Forgery (CSRF) in trestle-auth
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially...
CVE-2021-29435
CVE-2021-29435 affects the trestle-auth Ruby gem (versions 0.4.0 and 0.4.1) used with the Trestle admin framework. The issue allows an attacker to craft a form that bypasses Rails CSRF protection when submitted by a victim who has a trestle-auth admin session, potentially enabling alteration of p...
Sam Pohlenz trestle-auth 跨站请求伪造漏洞
Sam Pohlenz trestle-auth is a Sam Pohlenz open source application. An authentication plugin. A cross-site request forgery vulnerability exists in Trestle-auth versions 0.4.0 and 0.4.1, which could allow an attacker to alter a user's data, including administrative account credentials...