CVE-2023-4454

CVSS 3.1 Score 5.7 of 10 (medium)

Details

Published Aug 21, 2023

Updated: Aug 24, 2023

CWE ID 352

Summary

CVE-2023-4454 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the wallabag/wallabag GitHub repository before version 2.6.3. An attacker could exploit this issue to force an authenticated user to perform unintended actions on the application, such as deleting or modifying their account settings. The vulnerability arises due to insufficient input validation and lack of CSRF tokens in certain application endpoints. Users are strongly advised to upgrade to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Wallabag

Affected Vendors

Wallabag

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sadMgH
https://www.cve.org/CVERecord?id=CVE-2023-4454
https://nvd.nist.gov/vuln/detail/CVE-2023-4454

Back to Vulnerability Database