CVE-2023-0737

wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wallabag:wallabag:2.5.2:*:*:*:*:*:*:*

History

19 Nov 2024, 14:43

Type Values Removed Values Added
References () https://github.com/wallabag/wallabag/commit/268372dbbdd7ef87b84617fdebf95d0a86caf7dc - () https://github.com/wallabag/wallabag/commit/268372dbbdd7ef87b84617fdebf95d0a86caf7dc - Patch
References () https://huntr.com/bounties/4ba20fe7-4061-4dfb-ab2f-ecaf110641a5 - () https://huntr.com/bounties/4ba20fe7-4061-4dfb-ab2f-ecaf110641a5 - Exploit
CPE cpe:2.3:a:wallabag:wallabag:2.5.2:*:*:*:*:*:*:*
First Time Wallabag wallabag
Wallabag

15 Nov 2024, 13:58

Type Values Removed Values Added
Summary
  • (es) La versión 2.5.2 de wallabag contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) que permite a los atacantes eliminar arbitrariamente cuentas de usuario a través del endpoint /account/delete. Este problema se solucionó en la versión 2.5.4.

15 Nov 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-15 11:15

Updated : 2024-11-19 14:43


NVD link : CVE-2023-0737

Mitre link : CVE-2023-0737

CVE.ORG link : CVE-2023-0737


JSON object : View

Products Affected

wallabag

  • wallabag
CWE
CWE-352

Cross-Site Request Forgery (CSRF)