Cross-Site Request Forgery (CSRF) in salesagility/suitecrm-core
CVE-2023-3627

8.1 HIGH

Key Information:

Vendor
CVE Published: 11 July 2023

What is CVE-2023-3627?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in SuiteCRM, affecting versions prior to 8.3.1. This flaw could allow unauthorized actions to be performed on behalf of an authenticated user, potentially compromising the integrity of user accounts and enabling attackers to manipulate data without that user's consent. It is crucial for administrators to upgrade to the latest version and implement effective security measures to mitigate this risk.

Affected Version(s)

salesagility/suitecrm-core < 8.3.1

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
