CVE-2024-37417

Name of the Vulnerable Software and Affected Versions: Coachify versions 1.0.7 and earlier

Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This is a type of attack where an attacker tricks a user into performing an unintended action on a web application that the user is authenticated to.

Recommendations: For Coachify versions 1.0.7 and earlier, as a temporary workaround, consider implementing additional validation for requests to prevent unauthorized actions. Restrict access to sensitive functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.