CVE-2015-2912 – com.orientechnologies:orientdb-studio
Package
Manager: maven
Name: com.orientechnologies:orientdb-studio
Vulnerable Version: >=0 <2.0.15 || =2.1.0 || >=2.1.0 <2.1.1
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00343 (percentile 0.56226)
Details
OrientDB-Server vulnerable to Cross-Site Request Forgery
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.
Metadata
Created: 2018-10-18T17:41:13Z
Modified: 2022-09-13T23:50:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-p8ww-vv84-c2rm/GHSA-p8ww-vv84-c2rm.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-p8ww-vv84-c2rm
Finding: F007
Auto approve: 1