logo

Database

Cross-site request forgery

Description

The applications configuration allows an attacker to trick authenticated users into executing actions without their consent.

Impact

Impersonate a user request to execute malicious actions in the application.

Recommendation

Use of tokens in forms to verify requests done by legitimate users.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

029 - Cookies with security attributes174 - Transactions without a distinguishable pattern

Fixes

CsharpDartElixirGoJavaPhpPythonRubyScalaSwiftTypescript

Score

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

Attack vector

N

Attack complexity

L

Attack requirements

N

Privileges required

N

User interaction

A

Confidentiality (VC)

N

Integrity (VI)

L

Availability (VA)

N

Confidentiality (SC)

N

Integrity (SI)

N

Availability (SA)

N

Threat 4.0

Exploit maturity

X

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N