|
| Description: | | Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL. |
|
| Impact: | | An attacker can launch a cross-site request forgery in the context of the affected software. Arbitrary script transmitted from a user that the software trusts can be executed in a successful exploit attempt. |
|
| Affected OS: | | Windows, Linux, Others |
|
| Reference: | | https://gist.github.com/omriman067/4e90a3a4ffa40984f011d8777a995469
https://casdoor.org/
https://github.com/casdoor/casdoor/issues/1531
https://cxsecurity.com/cveshow/CVE-2023-34927/
|
|