CVE-2023-26845
Vendor
Affected Versions
Version 0.9.7 and earlier.
Vulnerability
Cross-Site Request Forgery (CSRF) - CWE-352
Description
A Cross-Site Request Forgery (CSRF) vulnerability in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors.
Disclosure Timeline
- February 7, 2023: I sent a notification to the vendor (no response received).
- February 10, 2023: I sent a second notification to the vendor (no response received).
- February 11, 2023: I requested a CVE number.
- April 8, 2023: Public disclosure.
CVE Reference
MITRE has assigned the name CVE-2023-26845 to this vulnerability.
Credits
Vulnerability discovered by Davide Bernacchia.