Cross-Site Request Forgery Vulnerability in OpenCATS by OpenCATS
CVE-2023-26845

4.3MEDIUM

Key Information:

Vendor: Opencats
Status: Opencats
Vendor: CVE Published:; 11 April 2023

What is CVE-2023-26845?

OpenCATS 0.9.7 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to manipulate user sessions. This vulnerability can be exploited to force users into submitting requests unwittingly, potentially resulting in unauthorized actions being performed on behalf of authentic users. Proper security measures must be taken to mitigate this risk, ensuring that user interactions with the application remain secure.

References

https://opencats.org

https://github.com/cassis-sec/CVE/tree/main/2023/CVE-2023...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Feb 27, 2023

CVE-2023-26845 Data

JSON

Opencats

What is CVE-2023-26845?

References

CVSS V3.1

Timeline