CVE-2024-41811 – ipl/web

Package

Manager: composer
Name: ipl/web
Vulnerable Version: >=0 <0.10.1

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00054 pctl0.16968

Details

ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF ### Impact Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF) Affected products: * Icinga Web (>=2.12.0) * Icinga DB Web (>=1.0.0) * Icinga Notifications Web (>=0.1.0) * Icinga Web JIRA Integration (>=1.3.0) All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. ### Patches Version 0.10.1 will include a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release.

Metadata

Created: 2024-08-05T14:39:09Z
Modified: 2024-08-06T14:41:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-w9pg-7c3h-fc8j/GHSA-w9pg-7c3h-fc8j.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-w9pg-7c3h-fc8j
Finding: F007
Auto approve: 1