CVE-2023-28361 - AskarLabs CVE Database

CVE-2023-28361

Vendor N/A

Product UniFi OS

Weakness CWE-352 · CSRF

Published May 11, 2023

Last update January 27, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud Key Gen2Cloud Key Gen2 PlusUNVRUNVR ProfessionalUDMUDM ProfessionalUDM SEUDRMitigation:Update affected products to UniFi OS 3.0.13 or later.

Key dates

02Disclosure timeline

May 11, 2023 CVE published

January 27, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-28361 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2024-49794 IBM ApplinX Cross-Site Request Forgery CVE-2023-27632 WordPress Daily Prayer Time Plugin <= 2023.03.08 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2023-44232 WordPress WP Hide Pages Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2024-46872 Client-Side Path Traversal Leading to CSRF in Playbooks CVE-2023-25051 WordPress Comment Reply Notification Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)