GHSA-w9pg-7c3h-fc8j
Suggest an improvement- Source
- https://github.com/advisories/GHSA-w9pg-7c3h-fc8j
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-w9pg-7c3h-fc8j/GHSA-w9pg-7c3h-fc8j.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-w9pg-7c3h-fc8j
- Aliases
- Published
- 2024-08-05T14:39:09Z
- Modified
- 2024-08-06T14:55:49.722388Z
- Severity
-
- 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
- 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF
- Details
-
Impact
Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF)
Affected products:
- Icinga Web (>=2.12.0)
- Icinga DB Web (>=1.0.0)
- Icinga Notifications Web (>=0.1.0)
- Icinga Web JIRA Integration (>=1.3.0)
All affected products, in any version, will be unaffected by this once
icinga-php-libraryis upgraded.Patches
Version 0.10.1 will include a fix for this. It will be published as part of the
icinga-php-libraryv0.14.1 release. - Database specific
{ "nvd_published_at": "2024-08-05T21:15:38Z", "severity": "LOW", "github_reviewed_at": "2024-08-05T14:39:09Z", "github_reviewed": true, "cwe_ids": [ "CWE-352" ] }- References
Affected packages
Packagist / ipl/web
Package
- Name
- ipl/web
- Purl
- pkg:composer/ipl/web