Lucene search
Veracode Vulnerability DatabaseVERACODE:36824HistoryAug 29, 2022 - 4:27 a.m.
Cross-Site Request Forgery (CSRF)
2022-08-2904:27:58
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
froxlor
csrf
vulnerability
api keys
security checks
deletion endpoint
0.001 Low
EPSS
Percentile
37.9%
froxlor/froxlor is vulnerable to cross-site request forgery. The vulnerability exists due to the lack of security checks in the deleting api keys in api_keys.php, allowing an attacker to delete the api keys with the specified id by redirecting to the api key deletion endpoint through the GET request.
| CPE | Name | Operator | Version |
|---|---|---|---|
| froxlor/froxlor | le | 0.10.37 | |
| froxlor/froxlor | le | 0.10.37 |
Related
nvd
nvd
CVE-2022-3017
2022-08-28 14:15:08
prion
prion
Cross site request forgery (csrf)
2022-08-28 14:15:00
cve
cve
CVE-2022-3017
2022-08-28 14:15:08
cvelist
cvelist
CVE-2022-3017 Cross-Site Request Forgery (CSRF) in froxlor/froxlor
2022-08-28 13:50:08
osv
osv
Froxlor vulnerable to Cross-Site Request Forgery (CSRF)
2022-08-29 00:00:33
CVE-2022-3017
2022-08-28 14:15:08
github
github
Froxlor vulnerable to Cross-Site Request Forgery (CSRF)
2022-08-29 00:00:33
huntr
huntr
CSRF on deleting an API key
2022-08-26 12:36:37