Template and field configuration are susceptible to CSRF

Moderate
nilmerg published GHSA-gh7w-7f7j-gwp5 Jul 5, 2023

Package

No package listed

Affected versions

1.3.0

Patched versions

1.3.2

Description

Impact

Both forms (template configuration and field configuration) perform the deletion before any user input is validated, including the CSRF token, so a forged cross-site request is rejected only after the record has already been removed.
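As an added illustration, not code from the advisory or from the affected project, the following Python model shows the ordering defect described above and its fix. The `TemplateStore`, `Request` and handler names are hypothetical; the vulnerable handler deletes first and validates afterwards, so a cross-site POST without a CSRF token still removes the record even though the request is then reported as rejected, while the fixed handler runs every check before touching the store.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    # Per-session anti-CSRF token, as a real framework would issue it.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


@dataclass
class Request:
    method: str
    form: dict          # submitted form fields (constructed in the caller)
    session: Session


class TemplateStore:
    """Hypothetical stand-in for the template/field records being deleted."""
    def __init__(self, names):
        self.templates = set(names)

    def delete(self, name):
        self.templates.discard(name)


def validate_form(request):
    """Return a list of validation errors; the CSRF check is one of them."""
    errors = []
    token = request.form.get("csrf_token", "")
    if not hmac.compare_digest(token, request.session.csrf_token):
        errors.append("invalid or missing CSRF token")
    if not request.form.get("name"):
        errors.append("name is required")
    return errors


def delete_template_vulnerable(store, request):
    """Mirrors the reported defect: the side effect precedes validation."""
    if request.method == "POST" and request.form.get("delete"):
        store.delete(request.form.get("name"))   # already gone at this point
    errors = validate_form(request)              # too late to protect anything
    return "rejected" if errors else "deleted"


def delete_template_fixed(store, request):
    """Validate everything, CSRF token included, before acting on the store."""
    if request.method != "POST":
        return "form rendered"
    if validate_form(request):
        return "rejected"
    if request.form.get("delete"):
        store.delete(request.form["name"])
    return "deleted"
```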

Patches

Version 1.3.0 introduced the issue; version 1.3.2 fixes it.

Workarounds

None.

References

https://owasp.org/www-community/attacks/csrf

Severity

Moderate, 5.0 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CVE ID

CVE-2023-30607

Weaknesses

No CWEs