      request #21769 Missing CSRF protection for most administrative actions of a Git repository
    Infos
    #21769
    Thomas Gerbet (tgerbet)
    2021-08-17 17:29
    2021-06-07 10:09
    23359
    Details
    Missing CSRF protection for most administrative actions of a Git repository

    Impact

    An attacker could use this vulnerability to trick victims into performing administrative actions on a Git repository, either to gain access to the repository or to cause a denial of service (DoS). CVSSv3.1 score: 4.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)

    References

    CWE-352
    Cross-Site Request Forgery - OWASP

    SCM/Git
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2021-06-07
    Attachments
    Empty