Omriman067

**Name of the Vulnerable Software and Affected Versions** Casdoor versions 1.331.0 and below **Description** The issue is related to a Cross-Site Request Forgery (CSRF) in the "/api/set-password" endpoint. This allows attackers to change a victim user's password by supplying a crafted URL. **Recommendations** For Casdoor versions 1.331.0 and below, as a temporary workaround, consider restricting access to the "/api/set-password" endpoint until a patch is available. Avoid using this endpoint in scenarios where CSRF attacks are possible. At the moment, there is no information about a newer version that contains a fix for this vulnerability.