PT-2020-17847 · Bolt · Bolt Cms

Staz0T

·

Published

2020-06-08

·

Updated

2022-10-07

·

CVE-2020-4040

CVSS v3.1

8.6

High

Vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Bolt CMS versions prior to 3.7.1

Description

The preview generating endpoint lacks CSRF protection. The endpoint is intended for authorized users (admins, developers, chief-editors and editors) to generate previews of content. Because requests to it are not bound to the user's session with a CSRF token, an attacker who lures a logged-in user to a malicious page can make that user's browser submit a preview request on the attacker's behalf, so previews can be generated by parties who are not authorized to do so.

Recommendations

Update to version 3.7.1, which resolves the issue. Until the update can be applied, restrict access to the preview generating endpoint to reduce the risk of unauthorized preview generation.
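The pattern behind this advisory, as an added illustrative example that is not Bolt's code and not the project's actual fix: a preview handler that trusts the session cookie alone, beside one that binds each POST to a per-session synchronizer token and rejects foreign Origin headers as a second layer. The in-memory session store, the `Request` class, the handler names and the `https://cms.example` / `https://attacker.example` origins are assumptions made for the demonstration.

```python
import hmac
import secrets

# Hypothetical in-memory session store standing in for the CMS's real one
# (illustrative only; not Bolt's code).
SESSIONS = {}


def new_session(user):
    """Log a user in: issue a session id and a per-session CSRF token."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_hex(32)}
    return sid


class Request:
    """Minimal stand-in for an HTTP POST: cookies, form fields and headers."""

    def __init__(self, cookies, form, headers=None):
        self.cookies = cookies
        self.form = form
        self.headers = headers or {}


def _session_for(req):
    return SESSIONS.get(req.cookies.get("sid"))


def preview_vulnerable(req):
    """The weakness the advisory describes: the only check is a valid session
    cookie. The browser attaches that cookie automatically, so any site the
    victim visits can trigger a preview of attacker-chosen content."""
    session = _session_for(req)
    if session is None:
        return 403, "login required"
    return 200, "<html>preview by %s: %s</html>" % (session["user"], req.form.get("body", ""))


def preview_hardened(req, site_origin="https://cms.example"):
    """Synchronizer-token pattern: the POST must carry the token stored in the
    session, which a cross-site page cannot read. The Origin check is
    defence in depth; the token check is the one that must never be skipped."""
    session = _session_for(req)
    if session is None:
        return 403, "login required"
    # Origin is set by the browser on cross-site POSTs and cannot be spoofed by
    # page content. Some clients omit it, so absence alone is not rejected here;
    # the token check below still covers that case.
    origin = req.headers.get("Origin") or req.headers.get("Referer")
    if origin is not None and origin.rstrip("/") != site_origin and not origin.startswith(site_origin + "/"):
        return 403, "cross-origin request rejected"
    token = str(req.form.get("_token", ""))
    # Constant-time comparison on bytes so arbitrary form input cannot raise
    # and the token cannot be guessed byte by byte.
    if not hmac.compare_digest(token.encode(), session["csrf_token"].encode()):
        return 403, "missing or invalid CSRF token"
    return 200, "<html>preview by %s: %s</html>" % (session["user"], req.form.get("body", ""))


def forged_request(sid):
    """What the victim's browser sends after an attacker page auto-submits a
    form to the preview endpoint: the session cookie rides along, but the
    attacker knows neither the token nor can it control the Origin header.
    (Constructed sample input.)"""
    return Request(
        cookies={"sid": sid},
        form={"body": "<script>alert('attacker content')</script>"},
        headers={"Origin": "https://attacker.example"},
    )


def legitimate_request(sid):
    """A preview submitted from the CMS's own editor UI, token included.
    (Constructed sample input.)"""
    return Request(
        cookies={"sid": sid},
        form={"body": "Draft text", "_token": SESSIONS[sid]["csrf_token"]},
        headers={"Origin": "https://cms.example"},
    )


def demo():
    """Run the forged and legitimate requests against both handlers."""
    sid = new_session("editor")
    return {
        "vulnerable_forged": preview_vulnerable(forged_request(sid))[0],
        "hardened_forged": preview_hardened(forged_request(sid))[0],
        "hardened_legit": preview_hardened(legitimate_request(sid))[0],
    }


if __name__ == "__main__":
    print(demo())  # {'vulnerable_forged': 200, 'hardened_forged': 403, 'hardened_legit': 200}
```

The vulnerable handler returns 200 for the forged request because nothing in it distinguishes a POST the editor meant to send from one an attacker's page sent in the editor's name; the hardened handler rejects the same request on the Origin header and would reject it on the missing token even if the Origin header were absent. The token must be per session and compared in constant time; a token that is global, predictable or leaked into a cross-origin-readable response defeats the check.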

CSRF

Weakness Enumeration

Related Identifiers

CVE-2020-4040
GHSA-2Q66-6CC3-6XM8

Affected Products

Bolt Cms