PT-2023-28763 · Click Studios · Passwordstate
Published 2023-10-31 · Updated 2023-11-08 · CVE-2023-43295
CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Click Studios (SA) Pty Ltd Passwordstate versions Build 9785 and before
Description
A Cross Site Request Forgery vulnerability allows a local attacker to execute arbitrary code via a crafted request.
Recommendations
For versions Build 9785 and before, update to a version later than Build 9785 to resolve the issue.
As a temporary workaround, consider restricting access to the Passwordstate application until a patch is available.
Avoid using crafted requests in the affected API endpoints until the issue is resolved.
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Passwordstate