CSRF Vulnerability in OWASP CSRFGuard Affected by Session Token
CVE-2021-28490

8.8HIGH

Key Information:

Vendor: Owasp
Status: Csrfguard
Vendor: CVE Published:; 19 August 2021

What is CVE-2021-28490?

The OWASP CSRFGuard version 3.1.0 is susceptible to a CSRF vulnerability where an attacker can exploit the session token to retrieve the CSRF cookie. This allows unauthorized actions to be performed on behalf of the victim without their consent. It highlights the need for enhanced security measures to protect web applications from CSRF attacks and ensure that CSRF tokens are securely managed.

References

https://owasp.org/www-project-csrfguard/

x_refsource_MISC

https://github.com/reidmefirst/vuln-disclosure/blob/main/...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 19, 2021
Vulnerability Reserved
Mar 16, 2021

CVE-2021-28490 Data

JSON

Owasp

What is CVE-2021-28490?

References

CVSS V3.1

Timeline