CVE-2013-4555Cross-Site Request Forgery in Spip

CWE-352Cross-Site Request Forgery4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.2%
top 54.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SpipDebian Spip
Timeline
PublishedNov 18
Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

debiandebian/spip< spip 2.1.24-1 (bullseye)
Debianspip/spip< 2.1.24-1+2
NVDspip/spip2.1.23+45

Patches

Patch: core.spip.orgPatch: core.spip.org

🔴Vulnerability Details

2
GHSA
GHSA-52fv-pgw9-4xgg: Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout2022-05-17
OSV
CVE-2013-4555: Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout2013-11-18

📋Vendor Advisories

1
Debian
CVE-2013-4555: spip - Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in S...2013
CVE-2013-4555 — Cross-Site Request Forgery in Spip | cvebase