CVE-2023-3589
Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server.
Una vulnerabilidad de Cross-Site Request Forgery (CSRF) que afecta a Teamwork Cloud desde No Magic Release 2021x hasta No Magic Release 2022x podría permitir, con algunas condiciones muy específicas, que un atacante envíe una consulta específicamente manipulada al servidor.
*Credits:
Johannes Rückert from mgm security partners GmbH
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-07-10 CVE Reserved
- 2023-10-09 CVE Published
- 2024-09-19 CVE Updated
- 2024-11-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
- CAPEC-62: Cross Site Request Forgery
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.3ds.com/vulnerability/advisories | 2023-10-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| 3ds Search vendor "3ds" | Teamwork Cloud No Magic Release Search vendor "3ds" for product "Teamwork Cloud No Magic Release" | 2021x Search vendor "3ds" for product "Teamwork Cloud No Magic Release" and version "2021x" | business |
Affected
| ||||||
| 3ds Search vendor "3ds" | Teamwork Cloud No Magic Release Search vendor "3ds" for product "Teamwork Cloud No Magic Release" | 2022x Search vendor "3ds" for product "Teamwork Cloud No Magic Release" and version "2022x" | business |
Affected
| ||||||
| 3ds Search vendor "3ds" | Teamwork Cloud No Magic Release Search vendor "3ds" for product "Teamwork Cloud No Magic Release" | 2021x Search vendor "3ds" for product "Teamwork Cloud No Magic Release" and version "2021x" | enterprise |
Affected
| ||||||
| 3ds Search vendor "3ds" | Teamwork Cloud No Magic Release Search vendor "3ds" for product "Teamwork Cloud No Magic Release" | 2022x Search vendor "3ds" for product "Teamwork Cloud No Magic Release" and version "2022x" | enterprise |
Affected
| ||||||
| 3ds Search vendor "3ds" | Teamwork Cloud No Magic Release Search vendor "3ds" for product "Teamwork Cloud No Magic Release" | 2021x Search vendor "3ds" for product "Teamwork Cloud No Magic Release" and version "2021x" | business_pro |
Affected
| ||||||
| 3ds Search vendor "3ds" | Teamwork Cloud No Magic Release Search vendor "3ds" for product "Teamwork Cloud No Magic Release" | 2022x Search vendor "3ds" for product "Teamwork Cloud No Magic Release" and version "2022x" | business_pro |
Affected
| ||||||
| 3ds Search vendor "3ds" | Teamwork Cloud No Magic Release Search vendor "3ds" for product "Teamwork Cloud No Magic Release" | 2021x Search vendor "3ds" for product "Teamwork Cloud No Magic Release" and version "2021x" | standard |
Affected
| ||||||
| 3ds Search vendor "3ds" | Teamwork Cloud No Magic Release Search vendor "3ds" for product "Teamwork Cloud No Magic Release" | 2022x Search vendor "3ds" for product "Teamwork Cloud No Magic Release" and version "2022x" | standard |
Affected
| ||||||