CVE-2022-0916

Published: May 3, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.

Affected (1)

Products: Logitech: Options

Logitech

1 product

Options

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Logitech Options	Before 9.60.87

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://support.logi.com/hc/en-us/articles/360025297893

Source: cve-coordination@logitech.com

Vendor Advisory

https://support.logi.com/hc/en-us/articles/360025297893

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.