Cross-Site Request Forgery (CSRF) in prefecthq/prefect
CVE-2023-6022

8.8HIGH

Key Information:

Vendor: Prefecthq
Status: Prefecthq/prefect
Vendor: CVE Published:; 16 November 2023

What is CVE-2023-6022?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Prefect platform, specifically affecting versions prior to 2.16.5. This weakness allows an attacker to trick users into executing unwanted actions on web applications in which they are authenticated. Attackers can exploit this flaw to manipulate the application's behavior, potentially leading to unauthorized actions performed on behalf of the user, thereby jeopardizing the integrity and confidentiality of user data.

Affected Version(s)

prefecthq/prefect < 2.16.5

References

https://huntr.com/bounties/dab47d99-551c-4355-9ab1-c99cb9...

https://github.com/prefecthq/prefect/commit/227dfcc7e3374...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 16, 2023
Vulnerability Reserved
Nov 8, 2023

CVE-2023-6022 Data

JSON

Prefecthq

What is CVE-2023-6022?

Affected Version(s)

References

CVSS V3.1

Timeline