CVE-2023-5900

Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/pkp/pkp-lib/commit/4d77a00be9050fac7eb8d2d1cbedcdaaa1a5a803	Patch
https://huntr.com/bounties/c3f011d4-9f76-4b2b-b3d4-a5e2ecd2e354	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sfu:pkp_web_application_library:*:*:*:*:*:*:*:*

History

21 Jan 2024, 03:04

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~5.4~~	v2 : unknown v3 : 4.3

16 Nov 2023, 21:15

Type	Values Removed	Values Added
Summary	~~Missing Authorization in GitHub repository pkp/pkp-lib prior to 3.3.0-16.~~	Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

14 Nov 2023, 18:40

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.4
References	~~() https://github.com/pkp/pkp-lib/commit/4d77a00be9050fac7eb8d2d1cbedcdaaa1a5a803 -~~	() https://github.com/pkp/pkp-lib/commit/4d77a00be9050fac7eb8d2d1cbedcdaaa1a5a803 - Patch
References	~~() https://huntr.com/bounties/c3f011d4-9f76-4b2b-b3d4-a5e2ecd2e354 -~~	() https://huntr.com/bounties/c3f011d4-9f76-4b2b-b3d4-a5e2ecd2e354 - Exploit, Third Party Advisory
CWE		CWE-352
CPE		cpe:2.3:a:sfu:pkp_web_application_library::::::::
First Time		Sfu pkp Web Application Library Sfu

07 Nov 2023, 12:14

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-07 04:24

Updated : 2024-02-28 20:33

NVD link : CVE-2023-5900

Mitre link : CVE-2023-5900

CVE.ORG link : CVE-2023-5900

JSON object : View

Products Affected

sfu

pkp_web_application_library

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

4.3 /10