PT-2010-1745 · Acollab · Acollab

Published

2010-07-22

Updated

2017-08-17

CVE-2009-4942

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions ACollab version 1.2

Description A cross-site request forgery issue allows remote attackers to hijack the authentication of arbitrary users for requests that add personal agenda items.

Recommendations For ACollab version 1.2, consider implementing proper CSRF token validation to prevent unauthorized requests. As a temporary workaround, restrict access to the agenda item addition functionality until a patch is available.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2009-4942

Affected Products

Acollab

PT-2010-1745 · Acollab · Acollab

CVE-2009-4942

Weakness Enumeration

Related Identifiers

Affected Products

References · 5