Lucene search
GoogleOSV:GHSA-7G7R-GR46-Q4P5HistoryJan 27, 2022 - 4:21 p.m.
Cross-Site Request Forgery in yetiforce
2022-01-2716:21:33
Google
osv.dev
9
yetiforce
csrf
privilege escalation
samesite
vulnerability
admin account
exploitation
guest users
EPSS
0.001
Percentile
40.4%
Versions of yetiforce 6.3.0 and prior are subject to privilege escalation via a cross site request forgery bug. This allows an attacker to create a new admin account even with SameSite: Strict enabled. This vulnerability can be exploited by any user on the system including guest users.
Related
veracode
veracode
Cross-Site Request Forgery (CSRF)
2022-01-25 05:41:14
github
github
Cross-Site Request Forgery in yetiforce
2022-01-27 16:21:33
prion
prion
Cross site request forgery (csrf)
2022-01-24 12:15:00
cve
cve
CVE-2022-0269
2022-01-24 12:15:07
nvd
nvd
CVE-2022-0269
2022-01-24 12:15:07
huntr
huntr
Cross-Site Request Forgery (CSRF) in yetiforcecompany/yetiforcecrm
2022-01-12 12:01:52
cnvd
cnvd
YetiForceCrm Cross-site Request Forgery Vulnerability (CNVD-2022-08153)
2022-01-26 00:00:00
osv
osv
CVE-2022-0269
2022-01-24 12:15:07
cvelist
cvelist