CVE-2020-24130

Name of the Vulnerable Software and Affected Versions: Ponzu version 0.11.0

Description: A cross site request forgery (CSRF) vulnerability in the configure.html component allows attackers to change user and administrator credentials, and add or delete administrator accounts.

Recommendations: For Ponzu version 0.11.0, as a temporary workaround, consider restricting access to the configure.html component until a patch is available. Avoid using the configure.html component for sensitive operations, such as changing user and administrator credentials, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.