@omriman067
Last active June 21, 2023 19:31
CVE-2023-34927
Vulnerable Product Version: All versions of Casdoor up to and including v1.331.0
Vulnerability Type: Cross-Site Request Forgery (CWE-352)
Description: A cross-site request forgery (CSRF) vulnerability exists in all versions of Casdoor up to and including v1.331.0. The application does not perform CSRF checks on the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password by supplying a crafted URL.
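As an added example (not Casdoor's code and not part of this gist), a Go middleware of the kind that closes this class of gap: it gates state-changing requests to /api/set-password behind a browser-supplied Origin check plus a custom-header requirement, which a cross-site auto-submitted form cannot satisfy even when the victim's session cookie is attached. The origin https://idp.example.com, the handler and the request headers are constructed placeholders.

```go
package main

import (
	"net/http"
	"net/http/httptest"
	"strings"
)

// allowedOrigin is a constructed deployment origin (placeholder, not Casdoor's).
const allowedOrigin = "https://idp.example.com"

// csrfCheck accepts a state-changing request only if the browser-supplied Origin
// header matches the deployment origin and a custom header is present. A form
// auto-submitted from an attacker's site carries the attacker's Origin and cannot
// add custom headers, so it fails both checks even with the victim's cookies.
func csrfCheck(r *http.Request) bool {
	if r.Method == http.MethodGet || r.Method == http.MethodHead {
		return true // read-only; nothing to protect
	}
	// A missing Origin (Get returns "") is rejected, not trusted.
	if !strings.EqualFold(r.Header.Get("Origin"), allowedOrigin) {
		return false
	}
	return r.Header.Get("X-Requested-With") == "XMLHttpRequest"
}

// protect rejects requests that fail csrfCheck with 403 before the handler runs.
func protect(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !csrfCheck(r) {
			http.Error(w, "CSRF check failed", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// setPasswordStatus sends a constructed POST to /api/set-password through the
// protected handler with the given headers and returns the HTTP status code.
// An empty origin or xrw stands for a header the browser did not send.
func setPasswordStatus(origin, xrw string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	req := httptest.NewRequest(http.MethodPost, "/api/set-password", strings.NewReader("newPassword=x"))
	req.Header.Set("Origin", origin)
	req.Header.Set("X-Requested-With", xrw)
	rec := httptest.NewRecorder()
	protect(ok).ServeHTTP(rec, req)
	return rec.Code
}
```

Only the same-origin request that also carries the custom header reaches the real handler; every other combination is refused with 403 before any password change can occur.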