{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-36623", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "dateUpdated": "2024-08-04T17:30:08.422Z", "dateReserved": "2022-12-21T00:00:00", "datePublished": "2022-12-21T00:00:00"}, "containers": {"cna": {"title": "Pengu index.js runApp cross-site request forgery", "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-12-21T00:00:00"}, "descriptions": [{"lang": "en", "value": "A vulnerability was found in Pengu. It has been declared as problematic. Affected by this vulnerability is the function runApp of the file src/index.js. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The name of the patch is aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216475."}], "affected": [{"vendor": "unspecified", "product": "Pengu", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/jtojnar/pengu/commit/aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91"}, {"url": "https://vuldb.com/?id.216475"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-863 Incorrect Authorization -> CWE-862 Missing Authorization -> CWE-352 Cross-Site Request Forgery", "cweId": "CWE-863"}]}], "x_generator": "vuldb.com"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:30:08.422Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/jtojnar/pengu/commit/aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91", "tags": ["x_transferred"]}, {"url": "https://vuldb.com/?id.216475", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pengu_project:pengu:*:*:*:*:*:*:*:*", "matchCriteriaId": "69657BC6-E5C0-4D73-A890-093ACB51853E", "versionEndExcluding": "2020-11-02", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Pengu. It has been declared as problematic. Affected by this vulnerability is the function runApp of the file src/index.js. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The name of the patch is aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216475."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Pengu. Ha sido declarada problem\u00e1tica. La funci\u00f3n runApp del archivo src/index.js es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la Cross-Site Request Forgery (CSRF). El ataque se puede lanzar de forma remota. El nombre del parche es aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-216475."}], "id": "CVE-2020-36623", "lastModified": "2023-11-07T03:22:19.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2022-12-21T19:15:12.227", "references": [{"source": "cna@vuldb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/jtojnar/pengu/commit/aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.216475"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}