← voltar
CVE-2024-41811

ipl/web susceptible to Cross-Site Request Forgery (CSRF)

CVSS 3.9 LOWEPSS 0.2%CWE-352
ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release.
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
Produtos afetados
Icinga · ipl-web

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Icinga/ipl-web/commit/492336fdb57a5bb0881ed642ab36f5841337571ehttps://github.com/Icinga/ipl-web/security/advisories/GHSA-w9pg-7c3h-fc8j