PT-2024-14625 · Unknown · Mongo-Express
Alfinj0Se · Published 2024-03-01 · Updated 2025-05-13 · CVE-2023-52555
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
mongo-express version 1.0.2
Description
The issue allows Cross-Site Request Forgery (CSRF) attacks, as demonstrated by the deletion of a collection through the /admin endpoint.
Recommendations
For mongo-express version 1.0.2, restrict access to the /admin endpoint to minimize the risk of exploitation. As a temporary workaround, implement CSRF protection mechanisms (such as origin checks and anti-CSRF tokens on state-changing requests) until a patch is available.
Fix
CSRF
Affected Products
Mongo-Express