Cross-Site Request Forgery (CSRF)

2023-08-1802:47:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site request forgery

vulnerability

gin software

http endpoint

malicious folder

data theft

arbitrary code

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.2%

JSON

gin is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability occurs because the plugin does not require POST requests for an HTTP endpoint, which allows allows an attacker to copy a malicious folder, which could then be used to steal data or execute arbitrary code.