
GSA_kwCzR0hTQS1td3djLTNqdjItNjJqM84AAvPW

Severity: Moderate | EPSS: 0.00104% (0.29033 Percentile)

AdGuardHome vulnerable to Cross-Site Request Forgery

Affected Packages
Package: go:github.com/AdguardTeam/AdGuardHome
PURL: pkg:go/github.com%2FAdguardTeam%2FAdGuardHome
Affected Versions: >= 0.95, < 0.108.0-b.16
Fixed Versions: 0.108.0-b.16
Dependent packages: 0
Dependent repositories: 1

Affected Version Ranges

All affected versions

v0.97.0, v0.97.1, v0.98.0, v0.98.1, v0.99.0, v0.99.1, v0.99.2, v0.99.3, v0.100.0, v0.100.1, v0.100.2, v0.100.3, v0.100.4, v0.100.5, v0.100.6, v0.100.7, v0.100.8, v0.100.9, v0.101.0, v0.102.0, v0.103.0, v0.103.0-beta1, v0.103.0-beta2, v0.103.0-beta3, v0.103.1, v0.103.2, v0.103.3, v0.104.0, v0.104.0-beta1, v0.104.0-beta2, v0.104.0-beta3, v0.104.1, v0.104.2, v0.104.3, v0.105.0, v0.105.0-beta.1, v0.105.0-beta.2, v0.105.0-beta.3, v0.105.0-beta.4, v0.105.0-beta.5, v0.105.1, v0.105.1-beta.1, v0.105.2, v0.105.2-beta.1, v0.106.0, v0.106.0-b.1, v0.106.0-b.2, v0.106.0-b.3, v0.106.0-b.4, v0.106.0-b.5, v0.106.1, v0.106.1-b.1, v0.106.2, v0.106.2-b.1, v0.106.3, v0.106.3-b.1, v0.107.0, v0.107.0-b.1, v0.107.0-b.2, v0.107.0-b.3, v0.107.0-b.4, v0.107.0-b.5, v0.107.0-b.6, v0.107.0-b.7, v0.107.0-b.8, v0.107.0-b.9, v0.107.0-b.10, v0.107.0-b.11, v0.107.0-b.12, v0.107.0-b.13, v0.107.0-b.14, v0.107.0-b.15, v0.107.0-b.16, v0.107.0-b.17, v0.107.1, v0.107.2, v0.107.3, v0.107.4, v0.107.5, v0.107.6, v0.107.7, v0.107.8, v0.107.9, v0.107.10, v0.107.11, v0.107.12, v0.107.13, v0.107.14, v0.107.15, v0.107.16, v0.107.17, v0.107.18, v0.107.19, v0.107.20, v0.107.21, v0.107.22, v0.107.23, v0.107.24, v0.107.25, v0.107.26, v0.107.27, v0.107.28, v0.107.29, v0.107.30, v0.107.31, v0.107.32, v0.107.33, v0.107.34, v0.107.35, v0.107.36, v0.107.37, v0.107.38, v0.107.39, v0.107.40, v0.107.41, v0.107.42, v0.107.43, v0.107.44, v0.107.45, v0.107.46, v0.107.47, v0.107.48, v0.107.49, v0.107.50, v0.107.51, v0.107.52, v0.107.53, v0.107.54, v0.107.55, v0.107.56, v0.107.57, v0.107.58, v0.107.59, v0.107.60, v0.107.61, v0.107.62, v0.107.63, v0.107.64, v0.107.65, v0.107.66, v0.107.67, v0.107.68, v0.107.69, v0.107.70, v0.108.0-b.1, v0.108.0-b.2, v0.108.0-b.3, v0.108.0-b.4, v0.108.0-b.5, v0.108.0-b.6, v0.108.0-b.7, v0.108.0-b.8, v0.108.0-b.9, v0.108.0-b.10, v0.108.0-b.11, v0.108.0-b.12, v0.108.0-b.13, v0.108.0-b.14, v0.108.0-b.15, v0.108.0-b.16, v0.108.0-b.17, v0.108.0-b.18, v0.108.0-b.19, v0.108.0-b.20, v0.108.0-b.21, 
v0.108.0-b.22, v0.108.0-b.23, v0.108.0-b.24, v0.108.0-b.25, v0.108.0-b.26, v0.108.0-b.27, v0.108.0-b.28, v0.108.0-b.29, v0.108.0-b.30, v0.108.0-b.31, v0.108.0-b.32, v0.108.0-b.33, v0.108.0-b.34, v0.108.0-b.35, v0.108.0-b.36, v0.108.0-b.37, v0.108.0-b.38, v0.108.0-b.39, v0.108.0-b.40, v0.108.0-b.41, v0.108.0-b.42, v0.108.0-b.43, v0.108.0-b.44, v0.108.0-b.45, v0.108.0-b.46, v0.108.0-b.47, v0.108.0-b.48, v0.108.0-b.49, v0.108.0-b.50, v0.108.0-b.51, v0.108.0-b.52, v0.108.0-b.53, v0.108.0-b.54, v0.108.0-b.55, v0.108.0-b.56, v0.108.0-b.57, v0.108.0-b.58, v0.108.0-b.59, v0.108.0-b.60, v0.108.0-b.61, v0.108.0-b.62, v0.108.0-b.63, v0.108.0-b.64, v0.108.0-b.65, v0.108.0-b.66, v0.108.0-b.67, v0.108.0-b.68, v0.108.0-b.69, v0.108.0-b.70, v0.108.0-b.71, v0.108.0-b.72, v0.108.0-b.73, v0.108.0-b.74, v0.108.0-b.75, v0.108.0-b.76, v0.108.0-b.77, v0.108.0-b.78, v0.108.0-b.79

All unaffected versions

In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF) in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, which results in the custom filtering rules being deleted or modified.

The file that contains the vulnerable code is no longer present as of v0.108.0-b.16.
