Lucene search
GoogleOSV:GHSA-2Q66-6CC3-6XM8HistoryJun 09, 2020 - 12:25 a.m.
CSRF issue on preview pages in Bolt CMS
2020-06-0900:25:41
Google
osv.dev
8
EPSS
0.003
Percentile
69.2%
Impact
Bolt CMS lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview.
Patches
This has been fixed in Bolt 3.7.1
References
Related issue: https://github.com/bolt/bolt/pull/7853
References
packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html
seclists.org/fulldisclosure/2020/Jul/4
github.com/bolt/bolt
github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f
github.com/bolt/bolt/pull/7853
github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8
nvd.nist.gov/vuln/detail/CVE-2020-4040
Related
cve
cve
CVE-2020-4040
2020-06-08 22:15:10
github
github
CSRF issue on preview pages in Bolt CMS
2020-06-09 00:25:41
nvd
nvd
CVE-2020-4040
2020-06-08 22:15:10
veracode
veracode
Cross-site Request Forgery (CSRF)
2020-06-10 03:26:30
cvelist
cvelist
CVE-2020-4040 CSRF issue on preview pages in Bolt CMS
2020-06-08 22:00:16
cbl_mariner
cbl_mariner
CVE-2020-4040 affecting package bolt 0.9.2-2
2024-09-21 03:20:41
prion
prion
Cross site request forgery (csrf)
2020-06-08 22:15:00
osv
osv
CVE-2020-4040
2020-06-08 22:15:10
packetstorm
packetstorm
Bolt CMS 3.7.0 XSS / CSRF / Shell Upload
2020-07-03 00:00:00
zdt
zdt
Bolt CMS 3.7.0 XSS / CSRF / Shell Upload Vulnerabilities
2020-07-04 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1809
2021-07-02 16:34:28