CSRF Vulnerability in JN-Jones MyBB-2FA Plugin for MyBB
CVE-2019-12363

8.8HIGH

Key Information:

Vendor

Mybb-2fa Project

Status
Mybb-2fa
Vendor
CVE Published:
11 July 2019

What is CVE-2019-12363?

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the JN-Jones MyBB-2FA plugin for MyBB. This security flaw allows attackers to forge requests that can manipulate the state of the MyBB 2FA plugin. Specifically, an attacker can disable Two-Factor Authentication (2FA) via specific URL actions, which could compromise the security of user accounts and expose them to unauthorized access. Users are advised to verify the integrity of their 2FA settings and ensure they're running the latest version of the plugin to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://community.mybb.com/thread-162369.html
x_refsource_MISC
https://seekurity.com/blog/advisories/mybb-two-factor-aut...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.