An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS03ZzdyLWdyNDYtcTRwNc0mJA

Severity: High
EPSS: 0.00138% (0.34479 percentile)

Cross-Site Request Forgery in yetiforce

Affected Packages                  Affected Versions   Fixed Versions
packagist:yetiforce/yetiforce-crm  <= 6.3.0            No known fixed version
0 Dependent packages
0 Dependent repositories
201 Downloads total

Affected Version Ranges

All affected versions

4.0.0, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 6.0.0, 6.1.0, 6.2.0, 6.3.0

Versions of yetiforce 6.3.0 and prior are subject to privilege escalation via a cross-site request forgery bug. This allows an attacker to create a new admin account even with the SameSite=Strict cookie attribute enabled. This vulnerability can be exploited by any user of the system, including guest users.

References: