Lucene search

Veracode Vulnerability DatabaseVERACODE:33724

HistoryJan 17, 2022 - 8:12 a.m.

Cross-Site Request Forgery (CSRF)

2022-01-1708:12:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

30.1%

JSON

livehelperchat is vulnerable to cross-site request forgery. The server is unable to verify the authenticity of web requests due to a lack of anti-CSRF protection mechanism in the REST API, allowing an attacker to submit requests on behalf of the user, and potentially obtain credentials via the configuration page.

CPENameOperatorVersion
remdex/livehelperchatlev268.x-dev
remdex/livehelperchatlev268.x-dev

CPE	Name	Operator	Version
	remdex/livehelperchat	le	v268.x-dev
	remdex/livehelperchat	le	v268.x-dev

References

github.com/livehelperchat/livehelperchat/commit/6ad1349dc5e7503b00c5017499a0a895d7654a61

huntr.dev/bounties/adaf98cf-60ab-40e0-aa3b-42ba0d3b7cbf

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

30.1%

JSON

Related for VERACODE:33724