PT-2020-6426
Dennis Brinkrolf
Published: 2020-08-10
Updated: 2024-03-06
CVE-2020-36389
CVSS v3.1: 4.3 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
CiviCRM versions prior to 5.28.1
CiviCRM ESR versions prior to 5.27.5 ESR
Description
The CKEditor configuration form in CiviCRM is vulnerable to Cross-Site Request Forgery (CSRF). A remote attacker could use this to affect data integrity.
Recommendations
For CiviCRM versions prior to 5.28.1, update to version 5.28.1 or later.
For CiviCRM ESR versions prior to 5.27.5 ESR, update to version 5.27.5 ESR or later.
Affected Products
Ckeditor
Civicrm