CVE-2024-41811

low

Description

ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release.

References

https://github.com/Icinga/ipl-web/security/advisories/GHSA-w9pg-7c3h-fc8j

https://github.com/Icinga/ipl-web/commit/492336fdb57a5bb0881ed642ab36f5841337571e

Details

Source: Mitre, NVD

Published: 2024-08-05

Updated: 2024-08-06

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 3.9

Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

Severity: Low

CVSS v4

Base Score: 2.1

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Low