Lucene search
Veracode Vulnerability DatabaseVERACODE:41331HistoryJul 18, 2023 - 7:40 a.m.
Cross-Site Request Forgery (CSRF)
2023-07-1807:40:25
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
cross-site request forgery
oauth flow
user trickery
account hijack
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
23.4%
Assembla Auth Plugin is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists due to lack of a state parameter in its OAuth flow which allows an attacker to trick a user into logging into the attacker’s account.
| CPE | Name | Operator | Version |
|---|---|---|---|
| assembla auth plugin | le | 6.66 | |
| assembla auth plugin | le | 6.66 |
Related
prion
prion
Cross site request forgery (csrf)
2023-07-12 16:15:00
cvelist
cvelist
CVE-2023-37961
2023-07-12 15:52:59
osv
osv
Jenkins Assembla Auth Plugin vulnerable to cross-site request forgery
2023-07-12 18:30:39
github
github
Jenkins Assembla Auth Plugin vulnerable to cross-site request forgery
2023-07-12 18:30:39
cve
cve
CVE-2023-37961
2023-07-12 16:15:13
nvd
nvd
CVE-2023-37961
2023-07-12 16:15:13
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
23.4%
Related for VERACODE:41331