Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1yd2NwLXFyd2ctNTZjZ84AAz_T

Casdoor Cross-Site Request Forgery vulnerability

Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in the /api/set-password endpoint. The vulnerability allows an attacker to arbitrarily change a victim user's password by supplying a crafted URL.

Permalink: https://github.com/advisories/GHSA-rwcp-qrwg-56cg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yd2NwLXFyd2ctNTZjZ84AAz_T
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 11 months ago
Updated: 6 months ago


CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Identifiers: GHSA-rwcp-qrwg-56cg, CVE-2023-34927
References: Repository: https://github.com/casdoor/casdoor
Blast Radius: 0.0

Affected Packages

go:github.com/casdoor/casdoor
Dependent packages: 0
Dependent repositories: 1
Downloads:
Affected Version Ranges: <= 1.331.0
No known fixed version
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.6.1, 1.7.0, 1.7.1, 1.7.2, 1.8.0, 1.8.1, 1.9.0, 1.10.0, 1.10.1, 1.10.2, 1.11.0, 1.11.1, 1.12.0, 1.12.1, 1.12.2, 1.13.0, 1.13.1, 1.13.2, 1.14.0, 1.14.1, 1.15.0, 1.15.1, 1.15.2, 1.15.3, 1.15.4, 1.16.0, 1.16.1, 1.16.2, 1.16.3, 1.16.4, 1.16.5, 1.16.6, 1.17.0, 1.18.0, 1.19.0, 1.19.1, 1.19.2, 1.20.0, 1.20.1, 1.20.2, 1.21.0, 1.21.1, 1.22.0, 1.23.0, 1.23.1, 1.23.2, 1.24.0, 1.24.1, 1.25.0, 1.25.1, 1.25.2, 1.26.0, 1.27.0, 1.27.1, 1.27.2, 1.27.3, 1.27.4, 1.27.5, 1.27.6, 1.28.0, 1.29.0, 1.29.1, 1.29.2, 1.30.0, 1.30.1, 1.30.2, 1.30.3, 1.30.4, 1.30.5, 1.31.0, 1.32.0, 1.32.1, 1.32.2, 1.32.3, 1.32.4, 1.33.0, 1.33.1, 1.33.2, 1.33.3, 1.33.4, 1.34.0, 1.34.1, 1.35.0, 1.35.1, 1.36.0, 1.36.1, 1.36.2, 1.37.0, 1.37.1, 1.37.2, 1.38.0, 1.39.0, 1.40.0, 1.41.0, 1.41.1, 1.42.0, 1.43.0, 1.44.0, 1.44.1, 1.44.2, 1.44.3, 1.44.4, 1.44.5, 1.44.6, 1.44.7, 1.44.8, 1.44.9, 1.45.0, 1.46.0, 1.47.0, 1.47.1, 1.47.2, 1.48.0, 1.49.0, 1.49.1, 1.50.0, 1.51.0, 1.52.0, 1.53.0, 1.54.0, 1.54.1, 1.54.2, 1.54.3, 1.54.4, 1.54.5, 1.54.6, 1.54.7, 1.54.8, 1.54.9, 1.55.0, 1.56.0, 1.56.1, 1.56.2, 1.57.0, 1.58.0, 1.58.1, 1.58.2, 1.58.3, 1.58.4, 1.58.5, 1.59.0, 1.60.0, 1.60.1, 1.61.0, 1.62.0, 1.62.1, 1.62.2, 1.62.3, 1.62.4, 1.62.5, 1.62.6, 1.62.7, 1.63.0, 1.63.1, 1.63.2, 1.64.0, 1.65.0, 1.66.0, 1.67.0, 1.67.1, 1.68.0, 1.69.0, 1.70.0, 1.70.1, 1.71.0, 1.71.1, 1.71.2, 1.71.3, 1.71.4, 1.71.5, 1.72.0, 1.73.0, 1.74.0, 1.74.1, 1.75.0, 1.75.1, 1.75.2, 1.76.0, 1.77.0, 1.77.1, 1.77.2, 1.77.3, 1.78.0, 1.78.1, 1.78.2, 1.79.0, 1.80.0, 1.80.1, 1.81.0, 1.81.1, 1.81.2, 1.81.3, 1.82.0, 1.82.1, 1.82.2, 1.83.0, 1.84.0, 1.84.1, 1.85.0, 1.86.0, 1.86.1, 1.87.0, 1.88.0, 1.88.1, 1.89.0, 1.90.0, 1.91.0, 1.91.1, 1.92.0, 1.93.0, 1.94.0, 1.94.1, 1.95.0, 1.96.0, 1.97.0, 1.97.1, 1.97.2, 1.97.3, 1.97.4, 1.98.0, 1.98.1, 1.98.2, 1.99.0, 1.99.1, 1.100.0, 1.101.0, 1.101.1, 1.101.2, 1.102.0, 1.103.0, 1.103.1, 1.104.0, 1.104.1, 1.104.2, 1.105.0, 1.105.1, 1.105.2, 1.106.0, 
1.107.0, 1.108.0, 1.109.0, 1.110.0, 1.110.1, 1.111.0, 1.111.1, 1.111.2, 1.112.0, 1.113.0, 1.113.1, 1.114.0, 1.115.0, 1.116.0, 1.116.1, 1.117.0, 1.118.0, 1.118.1, 1.118.2, 1.119.0, 1.119.1, 1.120.0, 1.121.0, 1.122.0, 1.122.1, 1.122.2, 1.123.0, 1.124.0, 1.125.0, 1.126.0, 1.126.1, 1.127.0, 1.128.0, 1.128.1, 1.129.0, 1.130.0, 1.130.1, 1.130.2, 1.131.0, 1.131.1, 1.131.2, 1.132.0, 1.132.1, 1.133.0, 1.134.0, 1.134.1, 1.135.0, 1.136.0, 1.137.0, 1.138.0, 1.139.0, 1.140.0, 1.140.1, 1.141.0, 1.142.0, 1.142.1, 1.143.0, 1.143.1, 1.144.0, 1.144.1, 1.145.0, 1.146.0, 1.146.1, 1.147.0, 1.148.0, 1.149.0, 1.150.0, 1.151.0, 1.151.1, 1.151.2, 1.152.0, 1.152.1, 1.153.0, 1.154.0, 1.155.0, 1.155.1, 1.155.2, 1.156.0, 1.157.0, 1.157.1, 1.157.2, 1.158.0, 1.159.0, 1.160.0, 1.161.0, 1.162.0, 1.163.0, 1.164.0, 1.164.1, 1.165.0, 1.166.0, 1.166.1, 1.167.0, 1.168.0, 1.168.1, 1.169.0, 1.170.0, 1.170.1, 1.170.2, 1.171.0, 1.171.1, 1.171.2, 1.172.0, 1.173.0, 1.173.1, 1.173.2, 1.174.0, 1.175.0, 1.175.1, 1.176.0, 1.177.0, 1.178.0, 1.179.0, 1.180.0, 1.180.1, 1.181.0, 1.182.0, 1.182.1, 1.182.2, 1.183.0, 1.183.1, 1.184.0, 1.184.1, 1.185.0, 1.186.0, 1.187.0, 1.188.0, 1.188.1, 1.189.0, 1.190.0, 1.191.0, 1.192.0, 1.193.0, 1.194.0, 1.195.0, 1.196.0, 1.196.1, 1.197.0, 1.198.0, 1.199.0, 1.199.1, 1.200.0, 1.201.0, 1.202.0, 1.203.0, 1.203.1, 1.204.0, 1.205.0, 1.206.0, 1.207.0, 1.208.0, 1.209.0, 1.210.0, 1.211.0, 1.212.0, 1.213.0, 1.213.1, 1.214.0, 1.215.0, 1.216.0, 1.217.0, 1.218.0, 1.219.0, 1.220.0, 1.220.1, 1.221.0, 1.222.0, 1.223.0, 1.224.0, 1.225.0, 1.226.0, 1.226.1, 1.227.0, 1.228.0, 1.228.1, 1.229.0, 1.230.0, 1.231.0, 1.232.0, 1.233.0, 1.234.0, 1.235.0, 1.236.0, 1.237.0, 1.238.0, 1.239.0, 1.240.0, 1.240.1, 1.240.2, 1.240.3, 1.241.0, 1.242.0, 1.242.1, 1.243.0, 1.244.0, 1.245.0, 1.245.1, 1.246.0, 1.246.1, 1.247.0, 1.248.0, 1.249.0, 1.250.0, 1.250.1, 1.251.0, 1.252.0, 1.252.1, 1.253.0, 1.254.0, 1.254.1, 1.255.0, 1.255.1, 1.256.0, 1.256.1, 1.257.0, 1.258.0, 1.259.0, 1.260.0, 1.261.0, 1.262.0, 1.262.1, 1.263.0, 
1.264.0, 1.264.1, 1.265.0, 1.265.1, 1.266.0, 1.267.0, 1.268.0, 1.269.0, 1.270.0, 1.270.1, 1.271.0, 1.272.0, 1.273.0, 1.274.0, 1.275.0, 1.276.0, 1.277.0, 1.278.0, 1.278.1, 1.279.0, 1.280.0, 1.281.0, 1.282.0, 1.283.0, 1.284.0, 1.284.1, 1.285.0, 1.286.0, 1.287.0, 1.288.0, 1.288.1, 1.289.0, 1.289.1, 1.290.0, 1.290.1, 1.291.0, 1.291.1, 1.292.0, 1.292.1, 1.293.0, 1.294.0, 1.295.0, 1.296.0, 1.297.0, 1.297.1, 1.298.0, 1.299.0, 1.299.1, 1.299.2, 1.300.0, 1.301.0, 1.301.1, 1.302.0, 1.302.1, 1.302.2, 1.302.3, 1.303.0, 1.304.0, 1.305.0, 1.305.1, 1.306.0, 1.307.0, 1.308.0, 1.309.0, 1.310.0, 1.311.0, 1.311.1, 1.312.0, 1.313.0, 1.314.0, 1.315.0, 1.315.1, 1.316.0, 1.316.1, 1.317.0, 1.318.0, 1.318.1, 1.319.0, 1.320.0, 1.320.1, 1.321.0, 1.322.0, 1.322.1, 1.323.0, 1.323.1, 1.323.2, 1.324.0, 1.325.0, 1.326.0, 1.326.1, 1.327.0, 1.328.0, 1.329.0, 1.329.1, 1.330.0, 1.331.0