PT-2023-25364 · No Magic · Teamwork Cloud
Johannes Rückert · Published 2023-10-09 · Updated 2023-10-20 · CVE-2023-3589
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Teamwork Cloud versions No Magic Release 2021x through No Magic Release 2022x
Description
A Cross-Site Request Forgery (CSRF) vulnerability could allow an attacker to send a specifically crafted query to the server under certain conditions.
Recommendations
For versions No Magic Release 2021x through No Magic Release 2022x, consider implementing additional security measures to prevent CSRF attacks, such as validating request headers and using anti-CSRF tokens. As a temporary workaround, restrict access to sensitive server queries until a patch is available.
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Teamwork Cloud