CVE-2023-0642 - Cross-Site Request Forgery (CSRF) in Squidex CMS

1. Vulnerability Properties

Title: Cross-Site Request Forgery (CSRF) in Squidex CMS
CVE ID: CVE-2023-0642
CVSSv3 Base Score: 6.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H)
Products: Squidex
Advisory Release Date: 3 February 2023
Advisory URL: https://labs.integrity.pt/advisories/cve-2023-0642
Credits: Discovery by Gil Pratas

2. Vulnerability Summary

Squidex is vulnerable to a CSRF attack that can be used to change a user's email address, thereby locking that user out of the application.

3. Vulnerable Versions

  • < 7.4.0

4. Solution

  • Vendor marked fixed in version 7.4.0

5. Vulnerability Timeline

  • 26/Jan/23 - Vulnerability reported to vendor
  • 1/Feb/23 - Vulnerability verified and fixed by vendor
  • 3/Feb/23 - Advisory Released

6. References

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0642

