CVE-2024-55076

Name of the Vulnerable Software and Affected Versions Grocy versions prior to 4.3.0

Description The issue is related to the lack of CSRF protection, which can be demonstrated by changing the Administrator's password. This allows unauthorized actions to be performed.

Recommendations For versions prior to 4.3.0, update to version 4.3.0 or later to resolve the issue. As a temporary workaround, consider implementing additional security measures to prevent CSRF attacks, such as validating requests to sensitive endpoints like the password change function. Restrict access to the password change functionality to minimize the risk of exploitation.