vendor:
Arunna
by:
8.8
CVSS
HIGH
Cross-Site Request Forgery (CSRF)
352
CWE
Product Name: Arunna
Affected Version From: 1.0.0
Affected Version To: 1.0.0
Patch Exists: NO
Related CWE:
CPE: a:arunna:arunna:1.0.0
Platforms Tested: Ubuntu 20.04.2 LTS
2021
Arunna 1.0.0 – ‘Multiple’ Cross-Site Request Forgery (CSRF)
The attacker can use the CSRF PoC to change any sensitive user data (password, email, name and so on). The PoC includes a HTML form with various input fields that can be used to modify user data.
Mitigation:
Implementing a CSRF token in the application can help mitigate the risk of CSRF attacks.