CVE-2019-7346 Information

Description

A CSRF check issue exists in ZoneMinder through 1.32.3: whenever a CSRF check fails, a callback function is called that displays a "Try again" button, which allows the failed request to be resent, making the CSRF attack successful.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://github.com/ZoneMinder/zoneminder/issues/2469

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.8

Base Severity

HIGH
