Lucene search
Veracode Vulnerability DatabaseVERACODE:29988HistoryApr 14, 2021 - 6:53 a.m.
Cross-site Request Forgery (CSRF)
2021-04-1406:53:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
0.001 Low
EPSS
Percentile
29.0%
trestle-auth is vulnerable to cross-site request forgery. An attacker is able to create a form that will bypass Rails’ built-in CSRF protection when submitted by a victim with a trestle-auth admin session, allowing to alter protected data, including admin account credentials.
| CPE | Name | Operator | Version |
|---|---|---|---|
| trestle-auth | le | 0.4.1 |
Related
prion
prion
Design/Logic Flaw
2021-04-13 20:15:00
cve
cve
CVE-2021-29435
2021-04-13 20:15:21
osv
osv
CVE-2021-29435
2021-04-13 20:15:21
Cross-Site Request Forgery (CSRF) in trestle-auth
2021-04-13 17:01:50
cvelist
cvelist
CVE-2021-29435 Cross-Site Request Forgery (CSRF) in trestle-auth
2021-04-13 17:00:21
nvd
nvd
CVE-2021-29435
2021-04-13 20:15:21
github
github
Cross-Site Request Forgery (CSRF) in trestle-auth
2021-04-13 17:01:50