CVE-2020-11818: CSRF
First published: Thu Apr 16 2020(Updated: )
In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechanism can be bypassed with another user's valid token. Thus, an attacker can change the Admin password by using a CSRF attack and escalate his/her privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rukovoditel Rukovoditel | =2.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2020-11818.
What is the severity rating of CVE-2020-11818?
CVE-2020-11818 has a severity rating of 8.8 (high).
What is the affected software for CVE-2020-11818?
The affected software for CVE-2020-11818 is Rukovoditel version 2.5.2.
What is the impact of CVE-2020-11818?
CVE-2020-11818 allows an attacker to change the Admin password and escalate their privileges through a CSRF attack.
Is there a fix available for CVE-2020-11818?
Yes, there is a fix available for CVE-2020-11818. It is recommended to update to a version of Rukovoditel that has addressed the vulnerability.
- collector/nvd-index
- vendor/rukovoditel
- canonical/rukovoditel rukovoditel
- version/rukovoditel rukovoditel/2.5.2