admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#1329

Browse Source 
Auto-merge PR#1329
This commit is contained in:
CVE Team 2021-04-13 15:35:46 -04:00 committed by GitHub
commit eb7cbcf3b2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 81 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
2021/29xxx/CVE-2021-29436.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29436",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Cross site request forgery vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "timetracker",
"version": {
"version_data": [
{
"version_value": "< 1.19.27.5431"
}
]
}
}
]
},
"vendor_name": "anuko"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In Time Tracker before version 1.19.27.5431 a Cross site request forgery (CSRF) vulnerability existed. The nature of CSRF is that a logged on user may be tricked by social engineering to click on an attacker-provided form that executes an unintended action such as changing user password. The vulnerability is fixed in Time Tracker version 1.19.27.5431. Upgrade is recommended. If upgrade is not practical, introduce ttMitigateCSRF() function in /WEB-INF/lib/common.php.lib using the latest available code and call it from ttAccessAllowed()."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-352\":\"Cross-Site Request Forgery (CSRF)\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/anuko/timetracker/security/advisories/GHSA-pgpx-rfvj-9g4f",
"refsource": "CONFIRM",
"url": "https://github.com/anuko/timetracker/security/advisories/GHSA-pgpx-rfvj-9g4f"
},
{
"name": "https://github.com/anuko/timetracker/commit/e3f8222ee308322942bcebcd86b78ecf19382563",
"refsource": "MISC",
"url": "https://github.com/anuko/timetracker/commit/e3f8222ee308322942bcebcd86b78ecf19382563"
},
{
"name": "https://github.com/anuko/timetracker/commit/e77be7eea69df5d52e19f9f25b5b89a0e66a5b8e",
"refsource": "MISC",
"url": "https://github.com/anuko/timetracker/commit/e77be7eea69df5d52e19f9f25b5b89a0e66a5b8e"
}
]
},
"source": {
"advisory": "GHSA-pgpx-rfvj-9g4f",
"discovery": "UNKNOWN"
}
}