CVE-2021-29435

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-29435
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29435.json
Aliases
Published
2021-04-13T20:15:21Z
Modified
2023-11-29T08:45:36.771782Z
Details

trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially allows an attacker to alter protected data, including admin account credentials. The vulnerability has been fixed in trestle-auth 0.4.2 released to RubyGems.

References

Affected packages

Git / github.com/TrestleAdmin/trestle-auth

Affected ranges

Type
GIT
Repo
https://github.com/TrestleAdmin/trestle-auth
Events
Introduced
0The exact introduced commit is unknown
Fixed
cb95b05cdb2609052207af07b4b8dfe3a23c11dc
Type
GIT
Repo
https://github.com/trestleadmin/trestle-auth
Events
Introduced
0The exact introduced commit is unknown
Last affected
71d7f3d9f32d2f2cae385a9d9beb397a142b9203
Last affected
e57cda555a25caf4f6c02bd122cf07cf4b4c7b7a

Affected versions

v0.*

v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.3.0
v0.4.0
v0.4.1