Vulnerability Information
Vulnerability Title
Cross-Site Request Forgery (CSRF) in trestle-auth
Vulnerability Description
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially allows an attacker to alter protected data, including admin account credentials. The vulnerability has been fixed in trestle-auth 0.4.2 released to RubyGems.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
Cross-Site Request Forgery (CSRF)
Vulnerability Title
Sam Pohlenz trestle-auth Cross-Site Request Forgery Vulnerability
Vulnerability Description
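Sam Pohlenz trestle-auth is an open-source application by Sam Pohlenz: an authentication plugin. trestle-auth versions 0.4.0 and 0.4.1 contain a cross-site request forgery vulnerability that allows an attacker to alter users' data, including admin account credentials.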
CVSS Information
N/A
Vulnerability Type
N/A