CSRF Bypass Vulnerability in Rukovoditel by Ruko
CVE-2020-11818

8.8HIGH

Key Information:

Vendor: Rukovoditel
Status: Rukovoditel
Vendor: CVE Published:; 16 April 2020

🔔 Create Rukovoditel Vulnerability Alert

What is CVE-2020-11818?

A vulnerability exists in Rukovoditel 2.5.2 where the security measure designed to prevent CSRF attacks, specifically the form_session_token, can be bypassed if an attacker obtains a valid token of another user. This allows the attacker to perform unauthorized actions such as changing the administrator password, leading to potential privilege escalation and unauthorized access to sensitive administrative functions.

References

https://fatihhcelik.blogspot.com/2020/01/rukovoditel-csrf...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2020
Vulnerability Reserved
Apr 16, 2020

JSON