CVE-2023-4659 CRITICAL

CVE-2023-4659: Cross-Site Request Forgery in Free5Gc

Vendor Free5Gc
Product Open5Gc
Weakness CWE-352 · CSRF
Published October 2, 2023
Last update September 20, 2024

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within the application.

Key dates

02 Disclosure timeline

October 2, 2023 CVE published
September 20, 2024 Record updated

Related vulnerabilities

04 Related CVE