CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-46973
https://notcve.org/view.php?id=CVE-2022-46973
Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability. • https://github.com/Fw-fW-fw/UPDATE-CVE/blob/main/CVE-2022-46973 https://github.com/anji-plus/report/issues/15 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-42983
https://notcve.org/view.php?id=CVE-2022-42983
anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens. anji-plus AJ-Report versión 0.9.8.6, permite a atacantes remotos omitir la autenticación de inicio de sesión mediante la suplantación de tokens JWT • https://gitee.com/anji-plus/report/issues/I5VVZ0 https://github.com/anji-plus/report/issues/7 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-21275 – CSRF in MediaWiki Report extension
https://notcve.org/view.php?id=CVE-2021-21275
The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens. La extensión "Report" de MediaWiki presenta una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF). Antes de la versión corregida, no había protección contra las comprobaciones de CSRF en Special:Report, por lo que las peticiones para reportar una revisión podrían ser falsificadas. • https://github.com/Kenny2github/Report/commit/f828dc6f73cdfaea5639edbf8ac7b326eeefb117 https://github.com/Kenny2github/Report/security/advisories/GHSA-9f3w-c334-jm2h https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2022.html • CWE-352: Cross-Site Request Forgery (CSRF) •