First published: Thu Mar 01 2018
An issue was discovered in Enalean Tuleap 9.17. The e-mail address change functionality lacks CSRF attack mitigation, which makes it possible for attackers to abuse it. Through a CSRF attack, an attacker could make a victim change their registered e-mail address on the application, leading to account takeover.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Enalean Tuleap | =9.17 | |
CVE-2018-7634 is a vulnerability in Enalean Tuleap 9.17 that allows attackers to perform CSRF attacks to change a user's registered email address, potentially leading to account takeover.
The severity of CVE-2018-7634 is rated as high, with a CVSS score of 8.8.
CVE-2018-7634 affects Enalean Tuleap 9.17 by not mitigating CSRF attacks when changing an email address, which can be exploited by attackers to abuse the functionality.
The CVE-2018-7634 vulnerability can be exploited by performing a CSRF attack to make a victim change their registered email address on the Enalean Tuleap 9.17 application.
Yes, a fix for CVE-2018-7634 is available. It is recommended to update Enalean Tuleap to a version that includes the necessary mitigation measures.
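The kind of mitigation the entries above refer to, shown as an added example (not Tuleap's code and not part of the original page): an e-mail change handler that accepts the session cookie alone, beside one that also requires a session-bound CSRF token. The handler names, in-memory stores and sample addresses are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical in-memory stores standing in for an application's session and user tables.
SERVER_KEY = secrets.token_bytes(32)
SESSIONS = {"sess-alice": "alice"}        # session id -> user (constructed)
USERS = {"alice": "alice@example.org"}    # user -> registered e-mail (constructed)


def issue_csrf_token(session_id: str) -> str:
    """Token embedded in the legitimate form; bound to the session via HMAC."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def change_email_unprotected(session_id: str, form: dict) -> bool:
    """Vulnerable pattern: the session cookie alone authorizes the change."""
    user = SESSIONS.get(session_id)
    if user is None:
        return False
    USERS[user] = form["email"]
    return True


def change_email_protected(session_id: str, form: dict) -> bool:
    """Hardened pattern: the request must also carry the session-bound token."""
    user = SESSIONS.get(session_id)
    if user is None:
        return False
    supplied = form.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    # Constant-time comparison; a cross-site page cannot read the token, so it fails here.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False
    USERS[user] = form["email"]
    return True


def demo() -> dict:
    """Replay one cross-site style request (cookie only) and one same-site request."""
    forged = {"email": "attacker@example.net"}  # browser attaches the cookie, no token
    results = {"unprotected_forged": change_email_unprotected("sess-alice", dict(forged))}
    USERS["alice"] = "alice@example.org"        # reset constructed state
    results["protected_forged"] = change_email_protected("sess-alice", dict(forged))
    results["email_after_forged"] = USERS["alice"]
    legit = {"email": "alice@new.example.org", "csrf_token": issue_csrf_token("sess-alice")}
    results["protected_legit"] = change_email_protected("sess-alice", legit)
    results["email_after_legit"] = USERS["alice"]
    return results
```

The unprotected handler changes the address for any request that arrives with a valid session, which is the condition the advisory describes; the protected handler leaves the address unchanged unless the token matches.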