Home > Vulnerability Database > WS-2022-0248

Mend.io Vulnerability Database

WS-2022-0248

Good to know:

Date: August 4, 2022

The administrative /api/users registration endpoint in plankanban/planka is vulnerable to a Cross-Site Request Forgery (CSRF) attack due to the lack of any kind of anti-CSRF token verification. An attacker can gain access to the platform via the newly created account without the administrator knowledge. This issue is fixed in v1.6.0.

Language: JS

Severity Score

4.5

Related Resources (2)

Url: https://github.com/plankanban/planka/commit/7786533a90c454163d12fbdaa1898ba150ef117d

Url: https://www.mend.io/vulnerability-database/WS-2022-0248

Severity Score

4.5

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

Upgrade Version

Upgrade to version v1.6.0

Learn More

CVSS v3.1

Base Score:	4.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2022-0248

Good to know:

Date: August 4, 2022

Language: JS

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?