wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4.
Metrics
Affected Vendors & Products
References
History
Wed, 20 Nov 2024 23:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:wallabag:wallabag:*:*:*:*:*:*:*:* | |
Metrics |
ssvc
|
Tue, 19 Nov 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Wallabag
Wallabag wallabag |
|
CPEs | cpe:2.3:a:wallabag:wallabag:2.5.2:*:*:*:*:*:*:* | |
Vendors & Products |
Wallabag
Wallabag wallabag |
|
Metrics |
cvssV3_1
|
Fri, 15 Nov 2024 11:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4. | |
Title | CSRF in wallabag/wallabag | |
Weaknesses | CWE-352 | |
References |
| |
Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-11-15T10:53:21.745Z
Updated: 2024-11-20T22:30:58.342Z
Reserved: 2023-02-07T21:21:58.381Z
Link: CVE-2023-0737
Vulnrichment
Updated: 2024-11-20T22:30:52.732Z
NVD
Status : Analyzed
Published: 2024-11-15T11:15:08.363
Modified: 2024-11-19T14:43:04.257
Link: CVE-2023-0737
Redhat
No data.