CVE-2023-38396

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 3, 2023

Updated: Oct 4, 2023

CWE ID 352

Summary

CVE-2023-38396 is a Cross-Site Request Forgery (CSRF) vulnerability affecting versions 3.1.2 and below of the Alain Gonzalez plugin. Attackers can exploit this issue by tricking users into making unintended actions on a web application, potentially leading to data modifications or unauthorized access. The CSRF vulnerability enables an attacker to submit malicious requests on behalf of a user, posing a serious threat to the integrity and confidentiality of user data. It is important for users to upgrade to the latest plugin version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sBkhlT
https://www.cve.org/CVERecord?id=CVE-2023-38396
https://nvd.nist.gov/vuln/detail/CVE-2023-38396

Back to Vulnerability Database

CVE-2023-38396

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations