CVE-2023-45884 – openmct

Package

Manager: npm
Name: openmct
Vulnerable Version: >=0 <3.1.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00093 pctl0.27127

Details

NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin.

Metadata

Created: 2023-11-09T18:34:55Z
Modified: 2023-11-15T17:28:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-4g88-4hgm-m99x/GHSA-4g88-4hgm-m99x.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-4g88-4hgm-m99x
Finding: F007
Auto approve: 1