PT-2023-31044 · Pimcore · Pimcore/Customer-Data-Framework

Vesh3 · Published 2023-11-30 · Updated 2023-12-05 · CVE-2023-49076

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Pimcore Customer-data-framework versions prior to 4.0.5

Description: The customer-creation request is not protected by anti-CSRF tokens or headers, so an attacker can use cross-site request forgery to create new customers and thereby manage customer data within Pimcore.

Recommendations: For versions prior to 4.0.5, update to version 4.0.5 to resolve the issue. As a temporary workaround, consider implementing additional security measures to prevent CSRF attacks, such as validating requests through other means.

CSRF

Weakness Enumeration

Related Identifiers

CVE-2023-49076
GHSA-XX63-4JR8-9GHC

Affected Products

Pimcore/Customer-Data-Framework