What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in rollbar Rollbar rollbar allows Cross Site Request Forgery. This issue affects Rollbar: from n/a through <= 2.7.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Explanation of Vulnerability in Simple Terms
Rollbar versions up to and including 2.7.1 are vulnerable to cross-site request forgery (CSRF) attacks. An attacker can craft a malicious webpage that, when visited by a logged-in Rollbar user, performs unwanted actions on that user's account or project settings. The vulnerability requires user interaction: the victim must visit the attacker's page while authenticated to Rollbar. This can result in unauthorized modifications to project configuration or data.
What an attacker can do
Perform unauthorized actions on a Rollbar account or project by tricking a logged-in user into visiting a malicious webpage.
Potential impact on your site
If your team uses Rollbar for error tracking, an attacker could modify project settings, integrations, or access controls without authorization.
Conditions required to exploit
The victim must be logged into Rollbar and click a link or visit an attacker-controlled page.