CVE-2023-28335
Description
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.
CWE
- CWE-352 — Cross-Site Request Forgery (CSRF)
Affected
- / — v=4.1.0 <4.1.2 [affected]
CVSS
- (none)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2179424 (issue-tracking, x_refsource_REDHAT)
- https://moodle.org/mod/forum/discuss.php?d=445067
Source
cvelistV5-main/cves/2023/28xxx/CVE-2023-28335.json