CVE-2023-34927
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Jun 22, 2023
Updated: Jun 28, 2023
CWE ID 352
Summary
CVE-2023-34927 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Casdoor versions 1.331.0 and below. This issue, located in the /api/set-password endpoint, enables attackers to manipulate users' passwords by crafting malicious URLs, potentially compromising their accounts. This vulnerability underscores the importance of implementing robust CSRF protection mechanisms to secure web applications against unauthorized data modification.