Cross Site Request Forgery in GNU Savane by GNU
CVE-2024-27631

Currently unrated

Key Information:

Vendor: GNU
CVE Published: 8 April 2024

Badges

👾 Exploit Exists

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in GNU Savane versions 3.12 and earlier, which may allow a remote attacker to escalate privileges. By exploiting this vulnerability through the siteadmin/usergroup.php page, an unauthorized user can perform actions on behalf of an authenticated user without their consent, potentially compromising the security and integrity of the application. Users and administrators should apply the necessary patches to mitigate this risk.

Timeline

  • Vulnerability published

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability Reserved
