CVE-2024-41811

Published: Aug 5, 2024

Modified: Aug 6, 2024

PUBLISHED

CVSS v3.1

3.9

LOW

Description

ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release.

Vendor	Product	Versions
Icinga	ipl-web	affected `< 0.10.1`

Weaknesses (CWE)

CWE-352

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

https://github.com/Icinga/ipl-web/security/advisories/GHSA-w9pg-7c3h-fc8j

x_refsource_CONFIRM

https://github.com/Icinga/ipl-web/commit/492336fdb57a5bb0881ed642ab36f5841337571e

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-41811

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References