CVE-2022-25268

Name of the Vulnerable Software and Affected Versions Passwork On-Premise Edition versions prior to 4.6.13

Description The issue is related to a CSRF vulnerability in the password manager Passwork. This vulnerability can be exploited by a remote attacker to perform a CSRF attack via the groups, password, and history subsystems.

Recommendations For Passwork On-Premise Edition versions prior to 4.6.13, update to version 4.6.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the groups, password, and history subsystems to minimize the risk of exploitation.