CVE-2023-45884

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-45884

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45884.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-45884

Aliases

GHSA-4g88-4hgm-m99x

Published

2023-11-09T17:15:08.853Z

Modified

2026-04-10T05:01:43.322569Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin.

References

https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f

Affected packages

Git / github.com/nasa/openmct

Affected ranges

Type

GIT

Repo

https://github.com/nasa/openmct

Events

Introduced

Last affected

c1dd82cf5f188e7c79a08ea729267a86e0a28968

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.1.0"
        }
    ]
}

Affected versions

0.*

0.14.0

1.*

1.7.8-rc1

V-R4.*

V-R4.4-41620

V-R4.4-RC4

V-R4.4-RC5

Other

list

openmct-viper-build-2-rc2

sim3

open-v0.*

open-v0.7.2

v0.*

v0.10.1

v0.10.2

v0.10.3

v0.11.0

v0.11.1

v0.11.2

v0.11.3

v0.12.0

v0.14.0

v1.*

v1.2-RC1

v1.2-RC3

v1.2-rc2

v1.3.1

v1.4.0-rc5

v1.4.1-rc1

v1.4.1-rc2

v3.*

v3.1.0

vista-4.*

vista-4.7.0-rc1

vista-4.7.0-rc2

vista-4.7.0-rc3

vista-4.7.0-rc5

vista-r4.*

vista-r4.3.1-rc1

vista-r4.8.0-rc1

vista-r4.8.0-rc2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45884.json"