PT-2022-24857 · Orchest · Orchest

Fruttasecca · Published 2022-09-30 · Updated 2022-10-04 · CVE-2022-39268

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Orchest versions prior to v2022.09.10

Description
The Orchest auth-server accepts state-changing requests without verifying that they were initiated from the Orchest UI. An attacker can therefore trick a logged-in end user into submitting a web request they did not intend (for example, by luring them to a page that auto-submits a form to the auth-server; the browser attaches the user's session cookie to that request). Depending on the request, this can cause client or server data leakage, a change of session state, or manipulation of the end user's account. This is a Cross-Site Request Forgery (CSRF) weakness; the CVSS vector reflects that no privileges are required but the victim must interact (UI:R).

Recommendations
Upgrade to v2022.09.10 or later to patch this vulnerability. As a temporary workaround, rebuild and redeploy the Orchest auth-server with the specified commit.
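The following Python model is added to this advisory as an illustration of the request pattern the description refers to; it is not Orchest's auth-server code and not the v2022.09.10 fix. It shows a cookie-authenticated endpoint handled once with no CSRF defence (any site that makes the victim's browser POST to it succeeds) and once behind an Origin/Referer check plus a per-session synchronizer token. The origin `https://orchest.example`, the `Request`/`Session` types, the `change_password` handlers and the sample requests in `demo()` are assumptions constructed for the example.

```python
"""Illustration added to this advisory: a minimal model of the CSRF weakness.

This is NOT Orchest's auth-server code and NOT the v2022.09.10 fix. It is a
stdlib-only sketch of a cookie-authenticated endpoint, first with no CSRF
defence and then with an Origin/Referer check plus a per-session synchronizer
token. The origin, endpoint, session layout and sample requests are assumptions
constructed for the example.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

APP_ORIGIN = "https://orchest.example"  # assumed origin the UI is served from


@dataclass
class Request:
    """Just the parts of an HTTP request the handlers below look at."""
    method: str
    headers: dict
    cookies: dict
    form: dict


@dataclass
class Session:
    user: str
    # Unguessable per-session token; a cross-site page cannot read it.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def vulnerable_change_password(req, sessions, passwords):
    """Pre-fix shape: authorises on the session cookie alone. The browser attaches
    that cookie to a POST triggered from any site, so any site can act as the user."""
    sess = sessions.get(req.cookies.get("session"))
    if req.method != "POST" or sess is None:
        return 401
    passwords[sess.user] = req.form.get("new_password", "")
    return 200


def csrf_check(req, sess):
    """True only if the request demonstrably came from the app's own pages."""
    # 1. Origin header (fall back to Referer) must be the app's own origin.
    origin = req.headers.get("Origin")
    if origin is None and "Referer" in req.headers:
        parts = urlsplit(req.headers["Referer"])
        origin = f"{parts.scheme}://{parts.netloc}"
    if origin != APP_ORIGIN:
        return False
    # 2. The form must carry the session's synchronizer token; compare in constant time.
    return hmac.compare_digest(req.form.get("csrf_token", ""), sess.csrf_token)


def hardened_change_password(req, sessions, passwords):
    """Same endpoint with the CSRF check in front of the state change."""
    sess = sessions.get(req.cookies.get("session"))
    if req.method != "POST" or sess is None:
        return 401
    if not csrf_check(req, sess):
        return 403
    passwords[sess.user] = req.form.get("new_password", "")
    return 200


def session_set_cookie(session_id):
    """Cookie attributes the hardened server should set at login. SameSite=Lax makes
    the browser omit the cookie on cross-site POSTs, a defence in depth on top of
    the token check (not a replacement: it does not cover every embedding case)."""
    return f"session={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


def demo():
    """Replay a constructed cross-site POST and a legitimate same-site POST
    against both handlers; returns the status codes and resulting passwords."""
    sessions = {"s1": Session(user="alice")}
    passwords = {"alice": "original"}
    # What the victim's browser sends when an attacker page auto-submits a form:
    # the session cookie comes along, but Origin is the attacker's and no token is known.
    cross_site = Request("POST", {"Origin": "https://attacker.example"},
                         {"session": "s1"}, {"new_password": "attacker-chosen"})
    # A real submission from the app's own form, which embeds the token.
    same_site = Request("POST", {"Origin": APP_ORIGIN}, {"session": "s1"},
                        {"new_password": "user-chosen",
                         "csrf_token": sessions["s1"].csrf_token})
    result = {}
    result["vuln_cross_site"] = vulnerable_change_password(cross_site, sessions, passwords)
    result["vuln_password"] = passwords["alice"]               # attacker-chosen
    passwords["alice"] = "original"
    result["hard_cross_site"] = hardened_change_password(cross_site, sessions, passwords)
    result["hard_password_after_attack"] = passwords["alice"]  # still original
    result["hard_same_site"] = hardened_change_password(same_site, sessions, passwords)
    result["hard_password_after_user"] = passwords["alice"]    # user-chosen
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Run it directly to see the cross-site POST succeed against the unprotected handler and fail with 403 against the hardened one while the genuine form submission still goes through. The two checks are independent: the origin check stops forged requests even if a token leaks, and the token stops them even if an attacker can spoof or strip the Origin header; the SameSite cookie attribute is a third layer set at login time.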

Weakness Enumeration

CSRF (Cross-Site Request Forgery)

Related Identifiers

CVE-2022-39268
GHSA-Q44F-8JPW-QV4J

Affected Products

Orchest