AI Score: 8.5 (High), Confidence: High
EPSS: 0.001 (Low), Percentile: 43.6%
Kotti before 1.3.2 and 2.x before 2.0.0b2 has a CSRF vulnerability in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request.
github.com/advisories/GHSA-3hq4-f2v6-q338
github.com/Kotti/Kotti/commit/69d3c8a5d7203ddaec5ced5901acf87baddd76be
github.com/Kotti/Kotti/issues/551
nvd.nist.gov/vuln/detail/CVE-2018-9856