CSRF Vulnerability in Codiad by Codiad Team
CVE-2020-14043

8.8 HIGH

Key Information:

Vendor: Codiad
Status: Vendor
CVE Published: 24 August 2020

What is CVE-2020-14043?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Codiad versions 1.7.8 and later. The flaw allows an attacker to have unauthorized commands performed on behalf of an authenticated admin user when that user downloads plugins from the marketplace. Because the relevant controller file has no CSRF protection, a malicious actor can cause unintended actions to be executed, potentially leading to remote code execution. Note that Codiad is no longer actively maintained, which raises additional security concerns for users relying on this software.

References

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved