Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-39268

Good to know:

icon

Date: September 30, 2022

### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user's account. ### Patch Upgrade to v2022.09.10 to patch this vulnerability. ### Workarounds Rebuild and redeploy the Orchest `auth-server` with this commit: https://github.com/orchest/orchest/commit/c2587a963cca742c4a2503bce4cfb4161bf64c2d ### References https://en.wikipedia.org/wiki/Cross-site_request_forgery https://cwe.mitre.org/data/definitions/352.html ### For more information If you have any questions or comments about this advisory: * Open an issue in https://github.com/orchest/orchest * Email us at rick@orchest.io

Language: TYPE_SCRIPT

Severity Score

Related Resources (6)

https://github.com/orchest/orchest/pull/1324
https://github.com/orchest/orchest/security/advisories/GHSA-q44f-8jpw-qv4j
https://github.com/orchest/orchest/releases/tag/v2022.09.10
https://github.com/orchest/orchest/commit/c2587a963cca742c4a2503bce4cfb4161bf64c2d
https://nvd.nist.gov/vuln/detail/CVE-2022-39268
https://www.mend.io/vulnerability-database/CVE-2022-39268

Severity Score

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

icon

Upgrade Version

Upgrade to version v2022.09.10

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): NONE

Do you need more information?

Contact Us