CVE-2019-18346

2019-12-0418:15:16

Google

osv.dev

9.1 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

86.8%

JSON

A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the attacker could for example add a new admin user.

CPENameOperatorVersion
davicaleqr1.1.3.1
davicaleqr0.9.7.1
davicaleqr1.0.1
davicaleqdebian/1.1.3-1
davicaleqr0.9.8
davicaleqr0.9.8.3
davicaleqr0.9.5.90
davicaleqr1.1.3
davicaleqr0.9.6.2
davicaleqr1.1.6

Name	Operator	Version
davical	eq	r1.1.3.1
davical	eq	r0.9.7.1
davical	eq	r1.0.1
davical	eq	debian/1.1.3-1
davical	eq	r0.9.8
davical	eq	r0.9.8.3
davical	eq	r0.9.5.90
davical	eq	r1.1.3
davical	eq	r0.9.6.2
davical	eq	r1.1.6