OSV: GHSA-PJ2C-H76W-VV6F (Google)
History: Oct 07, 2022 - 9:23 p.m.

tiny-csrf has openly visible CSRF tokens

2022-10-07 21:23:18 | Google | osv.dev
10
Tags: csrf tokens, weak encryption, malicious attackers, patched, upgrade, owasp, github repository

CVSS3: 8.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS: 0.001
Percentile: 48.7%

Impact

The CSRF tokens are protected by weak encryption, so an attacker can read them.

Patches

The problem has been patched as of v1.1.0.

Workarounds

Upgrade to v1.1.0

References

https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html

For more information

Submit an issue at the GitHub repository.
