CVE-2019-13183

Published: Jul 7, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings.

Affected (12)

Products: Flarum: Flarum

1 product

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Flarum Flarum	Version 0.1.0
Flarum Flarum	Version 0.1.0 beta2
Flarum Flarum	Version 0.1.0 beta3
Flarum Flarum	Version 0.1.0 beta4
Flarum Flarum	Version 0.1.0 beta5
Flarum Flarum	Version 0.1.0 beta6
Flarum Flarum	Version 0.1.0 beta7.1
Flarum Flarum	Version 0.1.0 beta7.2
Flarum Flarum	Version 0.1.0 beta7
Flarum Flarum	Version 0.1.0 beta8.1
Flarum Flarum	Version 0.1.0 beta8.2
Flarum Flarum	Version 0.1.0 beta8

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released

Source: cve@mitre.org

Release NotesVendor Advisory

https://github.com/flarum/core/blob/master/CHANGELOG.md

Source: cve@mitre.org

Release NotesThird Party Advisory

https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6

Source: cve@mitre.org

Third Party Advisory

https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://github.com/flarum/core/blob/master/CHANGELOG.md

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.