CSRF Vulnerability in JN-Jones MyBB-2FA Plugin for MyBB
CVE-2019-12363

8.8HIGH

Key Information:

Vendor: Mybb-2fa Project
Status: Mybb-2fa
Vendor: CVE Published:; 11 July 2019

🔔 Create Mybb-2fa Project Vulnerability Alert

What is CVE-2019-12363?

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the JN-Jones MyBB-2FA plugin for MyBB. This security flaw allows attackers to forge requests that can manipulate the state of the MyBB 2FA plugin. Specifically, an attacker can disable Two-Factor Authentication (2FA) via specific URL actions, which could compromise the security of user accounts and expose them to unauthorized access. Users are advised to verify the integrity of their 2FA settings and ensure they're running the latest version of the plugin to mitigate potential risks.

References

https://community.mybb.com/thread-162369.html

x_refsource_MISC

https://seekurity.com/blog/advisories/mybb-two-factor-aut...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2019
Vulnerability Reserved
May 27, 2019