CVE-2023-6022

Cross-Site Request Forgery (CSRF) in GitHub repository prefecthq/prefect prior to 2.16.5.

Configurations

Configuration 1

cpe:2.3:a:prefect:prefect:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:42

| Type | Values Removed | Values Added |
|---|---|---|
| References | https://github.com/prefecthq/prefect/commit/227dfcc7e3374c212a4bcd68b14e090b1c02d9d3 | https://github.com/prefecthq/prefect/commit/227dfcc7e3374c212a4bcd68b14e090b1c02d9d3 |
| References | https://huntr.com/bounties/dab47d99-551c-4355-9ab1-c99cb90235af - Exploit | https://huntr.com/bounties/dab47d99-551c-4355-9ab1-c99cb90235af - Exploit |

15 May 2024, 11:15

| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) An attacker is able to steal secrets and potentially gain remote code execution via CSRF using the open source Prefect web server's API. | (en) Cross-Site Request Forgery (CSRF) in GitHub repository prefecthq/prefect prior to 2.16.5. |
| References | | https://github.com/prefecthq/prefect/commit/227dfcc7e3374c212a4bcd68b14e090b1c02d9d3 |

30 Nov 2023, 13:15

| Type | Values Removed | Values Added |
|---|---|---|
| Summary | An attacker is able to steal secrets and potentially gain remote code execution via CSRF using the Prefect API. | An attacker is able to steal secrets and potentially gain remote code execution via CSRF using the open source Prefect web server's API. |
| CWE | | CWE-352 |

24 Nov 2023, 23:05

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2023-11-16 17:15

Updated : 2024-11-21 08:42


NVD link : CVE-2023-6022

Mitre link : CVE-2023-6022

CVE.ORG link : CVE-2023-6022



Products Affected

prefect

  • prefect

CWE
CWE-352

Cross-Site Request Forgery (CSRF)