Cross Site Request Forgery in GNU Savane by GNU

CVE-2024-27631

What is CVE-2024-27631?

A Cross Site Request Forgery (CSRF) vulnerability exists in GNU Savane versions 3.12 and earlier, which may allow a remote attacker to escalate privileges. By exploiting this vulnerability through the siteadmin/usergroup.php page, an unauthorized user can perform actions on behalf of an authenticated user without their consent, potentially compromising the security and integrity of the application. It is crucial for users and administrators to apply necessary patches to mitigate this security risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References