PT-2023-16643 · Bhima · Bhima

Carlos Bello · Published 2023-04-05 · Updated 2025-02-13 · CVE-2023-0959 · CVSS v3.1 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Bhima version 1.27.0

Description: The issue allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application does not protect the privilege-update request against Cross-Site Request Forgery (CSRF).

Recommendations: For Bhima version 1.27.0, as a temporary workaround, implement CSRF protection measures until a patch is available. Restrict access to administrative functions to minimize the risk of exploitation. Until the issue is resolved, administrators should avoid following links from untrusted sources, since such a link could trigger an account privilege update. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2023-0959

Affected Products

Bhima