Summaryinfo

A vulnerability was found in Bhima 1.27.0. It has been declared as problematic. Impacted is an unknown function. Such manipulation leads to cross-site request forgery. This vulnerability is listed as CVE-2023-0959. The attack may be performed from remote. There is no available exploit. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Detailsinfo

A vulnerability was found in Bhima 1.27.0. It has been rated as problematic. Affected by this issue is some unknown processing. The manipulation with an unknown input leads to a cross-site request forgery vulnerability. Using CWE to declare the problem leads to CWE-352. The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Impacted is integrity. CVE summarizes:

Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF.

The weakness was presented 04/06/2023. The advisory is available at fluidattacks.com. This vulnerability is handled as CVE-2023-0959 since 02/22/2023. Successful exploitation requires user interaction by the victim. The technical details are unknown and an exploit is not available.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2023-12944). If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Name

• Bhima

Version

• 1.27.0

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion