PT-2021-18561 · Cloverdx · Cloverdx

Patryk Bogusz · Published 2021-06-09 · Updated 2022-05-25 · CVE-2021-29995

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
CloverDX versions prior to 5.7.1
CloverDX versions 5.7.1 through 5.9.0

Description
A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX allows remote attackers to execute any action as the logged-in user, including script execution.

Recommendations
For versions prior to 5.7.1, update to CloverDX 5.7.1 or later.
For versions 5.7.1 through 5.9.0, update to CloverDX 5.10, CloverDX 5.9.1, or CloverDX 5.8.2.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2021-29995

Affected Products

Cloverdx