Security
Headlines

Headlines Latest CVEs

Headline

GHSA-p4xx-w6fr-c4w9: Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2

Clockwork Web before 0.1.2, when used with Rails before 5.2 is used, allows Cross-Site Request Forgery (CSRF). A CSRF attack works by getting an authorized user to visit a malicious website and then performing requests on behalf of the user. In this instance, actions include enabling and disabling jobs. All users running an affected release on Rails < 5.2 should upgrade immediately.

2 years ago

#csrf #vulnerability #web #git #auth

Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2

Moderate severity GitHub Reviewed Published Feb 2, 2023 to the GitHub Advisory Database • Updated Feb 2, 2023

Related news

CVE-2023-25015: Fixed CSRF vulnerability with Rails < 5.2 · ankane/clockwork_web@ec28965

Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF.

2 years ago

#csrf #vulnerability #web #git

ghsa: Latest News

GHSA-3m86-c9x3-vwm9: Graylog vulnerable to privilege escalation through API tokens

12 hours ago

GHSA-3q26-f695-pp76: @cyanheads/git-mcp-server vulnerable to command injection in several tools

12 hours ago

GHSA-6r2x-8pq8-9489: Electron vulnerable to Heap Buffer Overflow in NativeImage

12 hours ago

GHSA-v8fr-vxmw-6mf6: Mattermost Incorrect Authorization vulnerability

13 hours ago

GHSA-wgvp-jj4w-88hf: Mattermost Incorrect Authorization vulnerability

13 hours ago