ГлавнаяУязвимости → CVE-2024-27474
8.8высокая

CVE-2024-27474

Описание

Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators.

Затрагиваемое ПО
Leantime Leantime
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://drive.proton.me/urls/67VER05Z84#f0fXnmp8o6Y9https://github.com/Leantime/leantime/blob/264a7dbc2c9b18f574821bf27dd568a287ee8498/app/Domain/Users/Controllers/NewUser.php#L16https://github.com/dead1nfluence/Leantime-POC/blob/main/README.mdhttps://drive.proton.me/urls/67VER05Z84#f0fXnmp8o6Y9https://github.com/Leantime/leantime/blob/264a7dbc2c9b18f574821bf27dd568a287ee8498/app/Domain/Users/Controllers/NewUser.php#L16https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md