CVE-2020-13231

nvd nist

Published: May 20, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.

Affected (3)

Products: Cacti: Cacti · Fedoraproject: Fedora

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cacti Cacti	Before 1.2.11

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 31
Fedoraproject Fedora	Version 32

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

https://github.com/Cacti/cacti/issues/3342

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11

Source: cve@mitre.org

Release Notes

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICJMWSY77IIGZYR6FE6NAQZFBO42VECO/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3PCDGNELH7HEBIXRNT5J5EWQEXQAU6B/

Source: cve@mitre.org

https://github.com/Cacti/cacti/issues/3342

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICJMWSY77IIGZYR6FE6NAQZFBO42VECO/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3PCDGNELH7HEBIXRNT5J5EWQEXQAU6B/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.