CVE-2018-9856
- Source
- https://cve.org/CVERecord?id=CVE-2018-9856
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-9856.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-9856
- Aliases
- Published
- 2018-04-09T07:29:00.233Z
- Modified
- 2026-04-10T04:08:33.007111Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request.
- References
Affected packages
Git / github.com/kotti/kotti
Affected ranges
- Type
- GIT
- Repo
- https://github.com/kotti/kotti
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "1.3.2" }, { "introduced": "0" }, { "last_affected": "2.0.0-alpha1" }, { "introduced": "0" }, { "last_affected": "2.0.0b1" } ] }
Affected versions
0.*
0.1.1
0.10a2
0.10a3
0.10a4
0.10b1
0.1a8
0.2.10
0.2.3
0.2.5
0.2.7
0.2a1
0.3.0
0.3.1
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.5.0
0.5.0a1
0.5.0a2
0.5.0a3
0.5.0a4
0.5.0a5
0.5.0a6
0.5.0rc1
0.5.0rc2
0.5.1
0.5.2
0.6.0
0.6.0b1
0.6.0b2
0.6.0b3
0.6.1
0.6.2
0.6.3
0.7
0.7.1
0.7.2
0.7a1
0.7a2
0.7a3
0.7a4
0.7a5
0.7a6
0.7rc1
0.8a2
0.8b1
0.8b2
0.9
0.9.1
0.9a1
0.9a2
0.9b1
0.9b2
1.*
1.1.0
1.1.0-alpha.1
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.3.0-alpha.1
1.3.0-alpha.2
1.3.0-alpha.3
1.3.0-alpha.4
1.3.1
2.*
2.0.0.alpha1
2.0.0b1