Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxNjYtNmNjMy02eG04

CSRF issue on preview pages in Bolt CMS

Impact

Bolt CMS lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview.

Patches

This has been fixed in Bolt 3.7.1

References

Related issue: https://github.com/bolt/bolt/pull/7853

Permalink: https://github.com/advisories/GHSA-2q66-6cc3-6xm8
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxNjYtNmNjMy02eG04
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 3 years ago
Updated: about 1 year ago


CVSS Score: 8.6
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Identifiers: GHSA-2q66-6cc3-6xm8, CVE-2020-4040
References:

Affected Packages

packagist:bolt/bolt
Versions: < 3.7.1
Fixed in: 3.7.1