PT-2017-10719 · Chyrp · Chyrp Lite
Fleetcaptain
·
Published
2017-07-13
·
Updated
2017-08-07
·
CVE-2017-1000008
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Chyrp Lite version 2016.04
Description
The issue allows attackers to hijack the authentication of logged-in users, enabling them to modify account information, including passwords, through a CSRF in the user settings function.
Recommendations
For Chyrp Lite version 2016.04, consider disabling the user settings function temporarily to prevent exploitation until a fix is available. Restrict access to the user settings module to minimize the risk of account information modification. Avoid using the vulnerable function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Chyrp Lite