CVE-2019-18346

Name of the Vulnerable Software and Affected Versions DAViCal versions through 1.1.8

Description A CSRF issue was discovered in DAViCal. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. This could allow the attacker to add a new admin user if the attacked user is an administrator. The vulnerability is related to deficiencies in the mechanisms against cross-site request forgery, which can be exploited by a remote attacker to gain unauthorized access to confidential data, cause a denial of service, and impact data integrity through a specially crafted HTML page.

Recommendations For versions through 1.1.8, as a temporary workaround, consider implementing additional CSRF protection measures, such as token-based validation, to prevent unauthorized requests. At the moment, there is no information about a newer version that contains a fix for this vulnerability.