Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.
Metrics
Affected Vendors & Products
References
History
Wed, 04 Dec 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-06-22T00:00:00
Updated: 2024-12-04T21:40:56.754Z
Reserved: 2023-06-07T00:00:00
Link: CVE-2023-34927
Vulnrichment
Updated: 2024-08-02T16:17:04.188Z
NVD
Status : Modified
Published: 2023-06-22T13:15:10.383
Modified: 2024-11-21T08:07:40.793
Link: CVE-2023-34927
Redhat
No data.