PT-2023-25364 · No Magic · Teamwork Cloud
Johannes Rückert · Published 2023-10-09 · Updated 2023-10-20 · CVE-2023-3589
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Teamwork Cloud versions No Magic Release 2021x through No Magic Release 2022x
Description
A Cross-Site Request Forgery (CSRF) vulnerability could allow an attacker to send a specifically crafted query to the server under certain conditions.
Recommendations
For versions No Magic Release 2021x through No Magic Release 2022x, consider implementing additional security measures to prevent CSRF attacks, such as validating request headers and using anti-CSRF tokens. As a temporary workaround, restrict access to sensitive server queries until a patch is available.
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Teamwork Cloud