Lucene search

Veracode Vulnerability DatabaseVERACODE:46198

HistoryApr 04, 2024 - 6:27 a.m.

Cross Site Request Forgery

2024-04-0406:27:15

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

prefect

csrf

vulnerability

steal secrets

remote code execution

crafted request

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.8%

JSON

Prefect is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to insufficient CSRF protection mechanisms, allowing an attacker to steal secrets or potentially gain remote code execution by submitting a crafted request.

CPENameOperatorVersion
prefectle2.16.4
prefectle2.16.4

CPE	Name	Operator	Version
	prefect	le	2.16.4
	prefect	le	2.16.4

References

github.com/prefecthq/prefect/commit/227dfcc7e3374c212a4bcd68b14e090b1c02d9d3

github.com/PrefectHQ/prefect/pull/12314

huntr.com/bounties/dab47d99-551c-4355-9ab1-c99cb90235af

www.github.com/prefecthq/prefect/commit/227dfcc7e3374c212a4bcd68b14e090b1c02d9d3

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.8%

JSON

Related for VERACODE:46198