
WS-2020-0421


Date: October 9, 2020

An attacker can deliver the CSRF payload to the victim directly or host it on a website. Setting the session expiry in middleware has the side effect of modifying the session on every request, which is not desired; it also forces a session to be created when none is needed. The logic is now reversed: sessions default to the shorter lifespan, which is used for anonymous sessions, and authenticated sessions have a separate setting for their validity, applied on login. The session has to exist at that point, and it is changed just once per session lifetime. Fixed in Weblate 4.3.
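The following self-contained Python model is an added illustration, not Weblate's code, contrasting the two strategies described above: setting the expiry in middleware on every request versus a short default with a longer expiry applied once at login. The in-memory SessionStore, the function names (before_middleware, after_login and so on) and the two lifetimes are assumptions for illustration; the real Weblate values are not on this page.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Assumed lifetimes in seconds (illustrative, not Weblate's settings).
ANON_SESSION_AGE = 60 * 60            # short default, used for anonymous sessions
AUTH_SESSION_AGE = 30 * 24 * 60 * 60  # longer validity, applied on login


@dataclass
class Session:
    key: str
    data: dict = field(default_factory=dict)
    expiry_age: int = ANON_SESSION_AGE
    modified: bool = False

    def set_expiry(self, age: int) -> None:
        # Storing the expiry in the session marks it modified, so the
        # middleware will persist it at the end of the request.
        self.expiry_age = age
        self.modified = True


class SessionStore:
    """In-memory stand-in for a session backend; counts saves to expose the side effect."""

    def __init__(self) -> None:
        self.sessions = {}
        self.saves = 0

    def new(self) -> Session:
        return Session(key=secrets.token_hex(16))

    def save(self, session: Session) -> None:
        self.saves += 1
        session.modified = False
        self.sessions[session.key] = session


@dataclass
class Request:
    session: Optional[Session] = None
    user: Optional[str] = None  # None means anonymous


# "Before": expiry set in middleware on every request.
def before_middleware(store: SessionStore, request: Request) -> None:
    if request.session is None:
        request.session = store.new()  # creates a session even when nothing needs one
    age = AUTH_SESSION_AGE if request.user else ANON_SESSION_AGE
    request.session.set_expiry(age)   # marks the session modified on every request
    if request.session.modified:
        store.save(request.session)


def before_login(store: SessionStore, request: Request, username: str) -> None:
    if request.session is None:
        request.session = store.new()
    request.user = username
    request.session.data["user"] = username
    store.save(request.session)


# "After": short default, longer expiry set exactly once at login.
def after_middleware(store: SessionStore, request: Request) -> None:
    # Nothing touches the session here; it is saved only if a view changed it.
    if request.session is not None and request.session.modified:
        store.save(request.session)


def after_login(store: SessionStore, request: Request, username: str) -> None:
    if request.session is None:
        request.session = store.new()  # the session has to exist to hold the user
    request.user = username
    request.session.data["user"] = username
    request.session.set_expiry(AUTH_SESSION_AGE)  # changed once per session lifetime
    store.save(request.session)


def simulate(middleware, login, n_anonymous: int, n_authenticated: int) -> dict:
    """Browse anonymously, log in, then browse authenticated; summarise what the store saw."""
    store = SessionStore()
    request = Request()
    for _ in range(n_anonymous):
        middleware(store, request)
    anonymous_session_created = request.session is not None
    login(store, request, "alice")
    saves_at_login = store.saves
    for _ in range(n_authenticated):
        middleware(store, request)
    return {
        "anonymous_session_created": anonymous_session_created,
        "saves_during_authenticated_requests": store.saves - saves_at_login,
        "total_saves": store.saves,
        "expiry_age": request.session.expiry_age,
    }


if __name__ == "__main__":
    print("before:", simulate(before_middleware, before_login, 3, 4))
    print("after: ", simulate(after_middleware, after_login, 3, 4))
```

With three anonymous and four authenticated requests, the "before" strategy creates a session for the anonymous visitor and writes it on every request (eight saves in total), while the "after" strategy creates and writes the session once, at login, and leaves the authenticated requests read-only. The model mirrors Django's behaviour, where calling set_expiry() on a session marks it modified and SessionMiddleware then saves it when the response is sent.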

Language: Python

Severity Score

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

Upgrade Version

Upgrade to Weblate 4.3

CVSS v3.1 (vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): LOW
