8.8
CVE-2019-17675
- EPSS 2.8%
- Veröffentlicht 17.10.2019 13:15:11
- Zuletzt bearbeitet 21.11.2024 04:32:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
WordPress Core < 5.2.4 - Type Confusion
WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.
Mögliche Gegenmaßnahme
WordPress: Update to one of the following versions, or a newer patched version: 3.7.31, 3.8.31, 3.9.29, 4.0.28, 4.1.28, 4.2.25, 4.3.21, 4.4.20, 4.5.19, 4.6.16, 4.7.14, 4.8.11, 4.9.12, 5.0.7, 5.1.3, 5.2.4
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Weitere Schwachstelleninformationen
SystemWordPress Core
≫
Produkt
WordPress
Version
*-3.6.1
Version
3.7-3.7.30
Version
3.8-3.8.30
Version
3.9-3.9.28
Version
4.0-4.0.27
Version
4.1-4.1.27
Version
4.2-4.2.24
Version
4.3-4.3.20
Version
4.4-4.4.19
Version
4.5-4.5.18
Version
4.6-4.6.15
Version
4.7-4.7.13
Version
4.8-4.8.10
Version
4.9-4.9.11
Version
5.0-5.0.6
Version
5.1-5.1.2
Version
5.2-5.2.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.8% | 0.846 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
https://www.debian.org/security/2020/dsa-4677
https://seclists.org/bugtraq/2020/Jan/8
https://www.debian.org/security/2020/dsa-4599
https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
https://lists.debian.org/debian-lts-announce/2019/11/msg00000.html
https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
https://core.trac.wordpress.org/changeset/46477
https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0
https://wpvulndb.com/vulnerabilities/9913
https://www.wordfence.com/threat-intel/vulnerabilities/id/04e0b17e-efab-4b08-8c8a-93e3e4baffaa