Lucene search
MitreCVE-2023-25015HistoryFeb 02, 2023 - 4:15 a.m.
CVE-2023-25015
2023-02-0204:15:08
CWE-352
mitre
web.nvd.nist.gov
93
clockwork web
csrf
rails 5.2
cve-2023-25015
nvd
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
6.4
Confidence
High
EPSS
0.001
Percentile
27.2%
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF.
Affected configurations
Node
clockwork_web_projectclockwork_webRange<0.1.2
rubyonrailsrailsRange<5.2.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| clockwork_web_project | clockwork_web | * | cpe:2.3:a:clockwork_web_project:clockwork_web:*:*:*:*:*:*:*:* |
| rubyonrails | rails | * | cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:* |
Related
github
github
prion
prion
Cross site request forgery (csrf)
2023-02-02 04:15:00
osv
osv
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2
2023-02-02 06:30:26
CVE-2023-25015
2023-02-02 04:15:08
cvelist
cvelist
CVE-2023-25015
2023-02-02 00:00:00
veracode
veracode
Cross-Site Request Forgery (CSRF)
2023-02-08 06:58:49
nvd
nvd
CVE-2023-25015
2023-02-02 04:15:08
rubygems
rubygems
CSRF Vulnerability with Rails < 5.2
2023-01-31 21:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
6.4
Confidence
High
EPSS
0.001
Percentile
27.2%
Related for CVE-2023-25015