// For flags

CVE-2023-3589

Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server.

Una vulnerabilidad de Cross-Site Request Forgery (CSRF) que afecta a Teamwork Cloud desde No Magic Release 2021x hasta No Magic Release 2022x podría permitir, con algunas condiciones muy específicas, que un atacante envíe una consulta específicamente manipulada al servidor.

*Credits: Johannes Rückert from mgm security partners GmbH
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2023-07-10 CVE Reserved
  • 2023-10-09 CVE Published
  • 2024-09-19 CVE Updated
  • 2024-11-10 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
  • CAPEC-62: Cross Site Request Forgery
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
3ds
Search vendor "3ds"
Teamwork Cloud No Magic Release
Search vendor "3ds" for product "Teamwork Cloud No Magic Release"
2021x
Search vendor "3ds" for product "Teamwork Cloud No Magic Release" and version "2021x"
business
Affected
3ds
Search vendor "3ds"
Teamwork Cloud No Magic Release
Search vendor "3ds" for product "Teamwork Cloud No Magic Release"
2022x
Search vendor "3ds" for product "Teamwork Cloud No Magic Release" and version "2022x"
business
Affected
3ds
Search vendor "3ds"
Teamwork Cloud No Magic Release
Search vendor "3ds" for product "Teamwork Cloud No Magic Release"
2021x
Search vendor "3ds" for product "Teamwork Cloud No Magic Release" and version "2021x"
enterprise
Affected
3ds
Search vendor "3ds"
Teamwork Cloud No Magic Release
Search vendor "3ds" for product "Teamwork Cloud No Magic Release"
2022x
Search vendor "3ds" for product "Teamwork Cloud No Magic Release" and version "2022x"
enterprise
Affected
3ds
Search vendor "3ds"
Teamwork Cloud No Magic Release
Search vendor "3ds" for product "Teamwork Cloud No Magic Release"
2021x
Search vendor "3ds" for product "Teamwork Cloud No Magic Release" and version "2021x"
business_pro
Affected
3ds
Search vendor "3ds"
Teamwork Cloud No Magic Release
Search vendor "3ds" for product "Teamwork Cloud No Magic Release"
2022x
Search vendor "3ds" for product "Teamwork Cloud No Magic Release" and version "2022x"
business_pro
Affected
3ds
Search vendor "3ds"
Teamwork Cloud No Magic Release
Search vendor "3ds" for product "Teamwork Cloud No Magic Release"
2021x
Search vendor "3ds" for product "Teamwork Cloud No Magic Release" and version "2021x"
standard
Affected
3ds
Search vendor "3ds"
Teamwork Cloud No Magic Release
Search vendor "3ds" for product "Teamwork Cloud No Magic Release"
2022x
Search vendor "3ds" for product "Teamwork Cloud No Magic Release" and version "2022x"
standard
Affected