PT-2025-3072 · Spagobi · Spagobi

Mariotesoro · Published 2025-01-21 · Updated 2025-10-17 · CVE-2024-54792

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SpagoBI version 3.5.1

Description

A Cross-Site Request Forgery (CSRF) issue has been found in the user administration panel. An authenticated user can lead another user into executing unwanted actions inside the application they are logged in to, such as adding, editing, or deleting users.

Recommendations

To prevent potential exploitation of the CSRF issue in SpagoBI version 3.5.1, consider disabling access to the user administration panel until a patch is available. Restrict access to sensitive functions like adding, editing, or deleting users to minimize the risk of unwanted actions being executed.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2024-54792

Affected Products

Spagobi