Cross Site Request Forgery Vulnerability in Leantime by Leantime
CVE-2024-27474

8.8HIGH

Key Information:

Vendor

Leantime

Status
Vendor
CVE Published:
10 April 2024

What is CVE-2024-27474?

The Leantime 3.0.6 software exhibits a vulnerability to Cross Site Request Forgery (CSRF), which potentially allows attackers to execute unauthorized operations on behalf of authenticated users, particularly those with administrative privileges. This security loophole can be exploited to compromise user actions without consent, posing a significant risk to the integrity and security of the affected system. It is essential for users to implement security measures and updates to handle this vulnerability effectively.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.