PT-2024-34616 · Jatos · Jatos

Published: 2024-11-05 · Updated: 2025-06-24 · CVE-2024-51381

CVSS v3.1: 8.4 (High)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

JATOS version 3.9.3

Description

A Cross-Site Request Forgery (CSRF) issue allows attackers to perform actions reserved for administrators, including creating admin accounts. This flaw can lead to unauthorized activities, compromising the security and integrity of the platform, especially if an attacker gains administrative control.

Recommendations

For JATOS version 3.9.3, update to a newer version that contains a fix for this issue to prevent unauthorized administrative actions. As a temporary workaround, consider restricting access to administrative functions to minimize the risk of exploitation.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2024-51381

Affected Products: Jatos