CVE-2023-4659 Information

Description

Cross-Site Request Forgery vulnerability whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within the application.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-request-forgery-free5gc

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

9.8

Base Severity

CRITICAL
