GHSA-rwcp-qrwg-56cg: Casdoor Cross-Site Request Forgery vulnerability
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user’s password via supplying a crafted URL.
Moderate severity GitHub Reviewed Published Jun 22, 2023 to the GitHub Advisory Database • Updated Jun 22, 2023
Related news
CVE-2023-34927: Casdoor Vulnerability
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.
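
A defensive sketch for the class of bug described above, added here as an example in Go; it is not Casdoor's code and not the project's actual fix. It wraps a password-change route so that only POST requests from the site's own origin reach the handler. `guardSetPassword`, `sameOrigin`, `status` and the origin `https://sso.example.com` are hypothetical names chosen for illustration.

```go
package main
import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// trustedOrigin is a placeholder for the deployment's own origin (assumption).
const trustedOrigin = "https://sso.example.com"

// sameOrigin checks Origin (falling back to Referer) against trustedOrigin and fails closed.
func sameOrigin(r *http.Request) bool {
	src := r.Header.Get("Origin")
	if src == "" {
		src = r.Header.Get("Referer")
	}
	u, err := url.Parse(src)
	if err != nil || u.Host == "" {
		return false // neither header usable (missing, "null", malformed)
	}
	return u.Scheme+"://"+u.Host == trustedOrigin
}

// guardSetPassword lets a state-changing handler run only for same-origin POSTs.
func guardSetPassword(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		} else if !sameOrigin(r) {
			http.Error(w, "cross-site request rejected", http.StatusForbidden)
		} else {
			next.ServeHTTP(w, r)
		}
	})
}

// status sends one constructed request through the guard and returns the HTTP status.
// The wrapped handler is an empty stub standing in for the real password change.
func status(method, origin string) int {
	req := httptest.NewRequest(method, "/api/set-password", nil)
	req.Header.Set("Origin", origin) // an empty value behaves like a missing header here
	rec := httptest.NewRecorder()
	guardSetPassword(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status("GET", ""), status("POST", "https://evil.example"), status("POST", trustedOrigin))
}
```

An Origin check of this kind complements, rather than replaces, anti-CSRF tokens, `SameSite` session cookies and requiring the current password on a password change.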