CVE-2020-4040 (score 8.6, tagged: Exploit)

CSRF issue on preview pages in Bolt CMS

Bolt CMS before version 3.7.1 lacked CSRF protection in the preview-generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to the lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1.

Data provided by the National Vulnerability Database (NVD)

Affected: Boltcms Bolt, version < 3.7.1

No advisory was found for this CVE.

EPSS Metrics

Type   Source      Score   Percentile
EPSS   FIRST.org   1.77%   0.752

CVSS Metrics

Source                           Base Score   Exploit Score   Impact Score   Vector String
nvd@nist.gov                     4.3          2.8             1.4            CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
nvd@nist.gov                     4.3          8.6             2.9            AV:N/AC:M/Au:N/C:N/I:P/A:N
security-advisories@github.com   8.6          3.9             4              CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References

http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html (Third Party Advisory, Exploit, VDB Entry)
http://seclists.org/fulldisclosure/2020/Jul/4 (Third Party Advisory, Exploit, Mailing List)
https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f (Patch, Third Party Advisory)
https://github.com/bolt/bolt/pull/7853 (Patch, Third Party Advisory)
https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8 (Patch, Third Party Advisory)