2017-10-16 12:31:07 -04:00
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org" ,
2017-10-16 16:44:18 -04:00
"DATE_ASSIGNED" : "2017-05-06T20:43:28.261681" ,
2017-10-16 12:31:07 -04:00
"ID" : "CVE-2017-1000008" ,
2017-10-16 16:44:18 -04:00
"REQUESTER" : "cptest311@frontier.com" ,
2017-10-16 12:31:07 -04:00
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
2017-10-16 16:44:18 -04:00
"product_name" : "Chyrp Lite" ,
2017-10-16 12:31:07 -04:00
"version" : {
"version_data" : [
{
2017-10-16 16:44:18 -04:00
"version_value" : "v2016.04 \"lago\". Older versions may also be affected but this has not been confirmed."
2017-10-16 12:31:07 -04:00
}
]
}
}
]
} ,
2017-10-16 16:44:18 -04:00
"vendor_name" : "Daniel Pimley - @xenocrat on GitHub"
2017-10-16 12:31:07 -04:00
}
]
}
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
2017-10-16 16:44:18 -04:00
"value" : "Cross Site Request Forgery (CSRF)"
2017-10-16 12:31:07 -04:00
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
2018-04-05 09:33:01 -04:00
"name" : "https://github.com/xenocrat/chyrp-lite/commit/79bb2de7f57d163d256b6bdb127dc09cfdb6235a" ,
"refsource" : "CONFIRM" ,
2017-10-16 12:31:07 -04:00
"url" : "https://github.com/xenocrat/chyrp-lite/commit/79bb2de7f57d163d256b6bdb127dc09cfdb6235a"
}
]
}
}
