Lucene search

GitHub Advisory DatabaseGHSA-C939-G732-48R8

HistoryMay 14, 2022 - 1:10 a.m.

Subrion CMS vulnerable to CSRF in blog/delete

2022-05-1401:10:36

CWE-352

GitHub Advisory Database

github.com

subrion cms

csrf

vulnerability

blog deletion

patch

version 4.2.1

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

44.9%

JSON

Subrion CMS is vulnerable to cross-site request forgery in blog/delete/. This has been patched in version 4.2.1.

Affected configurations

Vulners

Node

intelliantssubrionRange<4.2.1

VendorProductVersionCPE
intelliantssubrion*cpe:2.3:a:intelliants:subrion:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intelliants	subrion	*	cpe:2.3:a:intelliants:subrion::::::::

References

github.com/advisories/GHSA-c939-g732-48r8

github.com/intelliants/subrion/commit/8c08d7b92a4b7b5820a951d53c24844715439b73

github.com/intelliants/subrion/issues/477

nvd.nist.gov/vuln/detail/CVE-2017-18366

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

44.9%

JSON

Related for GHSA-C939-G732-48R8