Lucene search

[email protected]CVE-2019-15229

HistoryAug 20, 2019 - 12:15 a.m.

CVE-2019-15229

2019-08-2000:15:10

CWE-352

[email protected]

web.nvd.nist.gov

cve-2019-15229

fuel cms

csrf

vulnerability

admin console

create blocks section

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.8%

JSON

FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.

Affected configurations

NVD

Node

thedaylightstudiofuel_cmsRange≤1.4.4

CPENameOperatorVersion
thedaylightstudio:fuel_cmsthedaylightstudio fuel cmsle1.4.4

CPE	Name	Operator	Version
thedaylightstudio:fuel_cms	thedaylightstudio fuel cms	le	1.4.4

References

github.com/daylightstudio/FUEL-CMS/issues/536

www.sevenlayers.com/index.php/238-fuelcms-1-4-4-csrf

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.8%

JSON

Related for CVE-2019-15229

nvd1 osv1 prion1 cvelist1