What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in Fastly allows Cross-Site Request Forgery. This issue affects Fastly versions from n/a through 1.2.28.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
Fastly versions up to 1.2.28 contain a cross-site request forgery (CSRF) vulnerability. An attacker can craft a malicious webpage that, when visited by a logged-in Fastly user, performs unwanted actions on their account without their knowledge. The vulnerability requires the victim to visit the attacker's page while authenticated to Fastly. Update to version 1.2.29 or later to resolve this issue.
What an attacker can do
Perform unwanted actions on a victim's Fastly account by tricking them into visiting a malicious webpage.
Potential impact on your site
If you use Fastly, an attacker could modify your CDN configuration or settings without your consent.
Conditions required to exploit
Victim must be logged into Fastly and visit an attacker-controlled webpage.