PT-2020-14683 · Munkireport · Munkireport

Arjen Van Bochoven

Published

2020-07-23

Updated

2020-08-05

CVE-2020-15882

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions MunkiReport versions prior to 5.6.3

Description A CSRF issue in the "manager/delete machine/{id}" endpoint allows attackers to delete arbitrary machines from the MunkiReport database.

Recommendations For versions prior to 5.6.3, update to version 5.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "manager/delete machine/{id}" endpoint to minimize the risk of exploitation.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2020-15882

Affected Products

Munkireport

PT-2020-14683 · Munkireport · Munkireport

CVE-2020-15882

Weakness Enumeration

Related Identifiers

Affected Products

References · 5