Search criteria
2 vulnerabilities found for ipl-web by Icinga
CVE-2024-41811 (GCVE-0-2024-41811)
Vulnerability from cvelistv5 – Published: 2024-08-05 20:17 – Updated: 2024-08-06 13:53
VLAI?
Title
ipl/web susceptible to Cross-Site Request Forgery (CSRF)
Summary
ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release.
Severity ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T13:53:22.612388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T13:53:56.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ipl-web",
"vendor": "Icinga",
"versions": [
{
"status": "affected",
"version": "\u003c 0.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T20:17:30.849Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Icinga/ipl-web/security/advisories/GHSA-w9pg-7c3h-fc8j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Icinga/ipl-web/security/advisories/GHSA-w9pg-7c3h-fc8j"
},
{
"name": "https://github.com/Icinga/ipl-web/commit/492336fdb57a5bb0881ed642ab36f5841337571e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Icinga/ipl-web/commit/492336fdb57a5bb0881ed642ab36f5841337571e"
}
],
"source": {
"advisory": "GHSA-w9pg-7c3h-fc8j",
"discovery": "UNKNOWN"
},
"title": "ipl/web susceptible to Cross-Site Request Forgery (CSRF)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41811",
"datePublished": "2024-08-05T20:17:30.849Z",
"dateReserved": "2024-07-22T13:57:37.136Z",
"dateUpdated": "2024-08-06T13:53:56.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41811 (GCVE-0-2024-41811)
Vulnerability from nvd – Published: 2024-08-05 20:17 – Updated: 2024-08-06 13:53
VLAI?
Title
ipl/web susceptible to Cross-Site Request Forgery (CSRF)
Summary
ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release.
Severity ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T13:53:22.612388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T13:53:56.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ipl-web",
"vendor": "Icinga",
"versions": [
{
"status": "affected",
"version": "\u003c 0.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T20:17:30.849Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Icinga/ipl-web/security/advisories/GHSA-w9pg-7c3h-fc8j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Icinga/ipl-web/security/advisories/GHSA-w9pg-7c3h-fc8j"
},
{
"name": "https://github.com/Icinga/ipl-web/commit/492336fdb57a5bb0881ed642ab36f5841337571e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Icinga/ipl-web/commit/492336fdb57a5bb0881ed642ab36f5841337571e"
}
],
"source": {
"advisory": "GHSA-w9pg-7c3h-fc8j",
"discovery": "UNKNOWN"
},
"title": "ipl/web susceptible to Cross-Site Request Forgery (CSRF)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41811",
"datePublished": "2024-08-05T20:17:30.849Z",
"dateReserved": "2024-07-22T13:57:37.136Z",
"dateUpdated": "2024-08-06T13:53:56.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}