CVE-2021-41260

Sažetak

Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue.

Reference

https://github.com/galette/galette/security/advisories/GHSA-hw28-c7px-xqm5
https://github.com/galette/galette/commit/a5602bca2566f1be370631c3ab2d40feedd4b3ad

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

22-12-2021 - 02:45

Objavljeno

16-12-2021 - 18:15