CVE-2023-34927

Name of the Vulnerable Software and Affected Versions Casdoor versions 1.331.0 and below

Description The issue is related to a Cross-Site Request Forgery (CSRF) in the "/api/set-password" endpoint. This allows attackers to change a victim user's password by supplying a crafted URL.

Recommendations For Casdoor versions 1.331.0 and below, as a temporary workaround, consider restricting access to the "/api/set-password" endpoint until a patch is available. Avoid using this endpoint in scenarios where CSRF attacks are possible. At the moment, there is no information about a newer version that contains a fix for this vulnerability.