CVE-2019-18346
Published: Dec 4, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests to the application in the name of that user. If the attacked user is an administrator, the attacker could, for example, add a new admin user.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://www.davical.org/
x_refsource_MISC
https://gitlab.com/davical-project/davical/blob/master/ChangeLog
x_refsource_MISC
20191210 CVE-2019-18347 Persistent Cross-Site Scripting (XSS) vulnerability in DAViCal CalDAV Server
mailing-list
x_refsource_FULLDISC
20191210 CVE-2019-18345 Reflected Cross-Site Scripting (XSS) vulnerability in DAViCal CalDAV Server
mailing-list
x_refsource_FULLDISC
20191210 CVE-2019-18346 Cross-Site Request Forgery (CSRF) vulnerability in DAViCal CalDAV Server
mailing-list
x_refsource_FULLDISC
[debian-lts-announce] 20191214 [SECURITY] [DLA 2034-1] davical security update
mailing-list
x_refsource_MLIST
DSA-4582
vendor-advisory
x_refsource_DEBIAN
20191216 [SECURITY] [DSA 4582-1] davical security update
mailing-list
x_refsource_BUGTRAQ