CVE-2024-41811 LOW

CVE-2024-41811: ipl/web susceptible to Cross-Site Request Forgery (CSRF)

Vendor Icinga
Product ipl-web
Weakness CWE-352 · CSRF
Published August 5, 2024
Last update August 6, 2024

CVSS base score

3.9/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release.

Key dates

02Disclosure timeline

August 5, 2024 CVE published
August 6, 2024 Record updated

Related vulnerabilities

04Related CVE