First published: Mon Aug 23 2021
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user into executing unintended actions.
Credit: security@huntr.dev
Affected Software | Affected Version | How to fix |
---|---|---|
debian/ledgersmb | 1.6.9+ds-1+deb10u3 1.6.9+ds-2+deb11u3 1.6.33+ds-2.1 | |
Ledgersmb Ledgersmb | >=1.1.0<=1.1.12 | |
Ledgersmb Ledgersmb | >=1.2.0<=1.2.26 | |
Ledgersmb Ledgersmb | >=1.3.0<=1.3.47 | |
Ledgersmb Ledgersmb | >=1.4.0<=1.4.42 | |
Ledgersmb Ledgersmb | >=1.5.0<=1.5.30 | |
Ledgersmb Ledgersmb | >=1.6.0<=1.6.33 | |
Ledgersmb Ledgersmb | >=1.7.0<=1.7.32 | |
Ledgersmb Ledgersmb | >=1.8.0<=1.8.17 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
CVE-2021-3731 is a clickjacking vulnerability in LedgerSMB.
CVE-2021-3731 affects LedgerSMB by making it vulnerable to clickjacking attacks.
Clickjacking is a technique in which an attacker tricks users into triggering unintended actions while they interact with a website.
CVE-2021-3731 has a severity rating of 4.7.
To fix CVE-2021-3731, update LedgerSMB to versions 1.6.9+ds-1+deb10u3, 1.6.9+ds-2+deb11u3, or 1.6.33+ds-2.1.
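The description says LedgerSMB does not sufficiently guard against being wrapped by other sites. As an added example (not LedgerSMB's code and not part of the advisory), the Python below classifies a response's anti-framing headers, `X-Frame-Options` and the CSP `frame-ancestors` directive, so a deployment can be checked after upgrading. The function names and sample headers are constructed, and the page does not state which headers the fix sets.

```python
from typing import Iterable, List, Optional, Tuple

WEAK_SOURCES = {"*", "http:", "https:"}  # these let arbitrary sites frame the page


def frame_ancestors(csp: str) -> Optional[List[str]]:
    """Source list of the frame-ancestors directive, or None when it is absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]  # empty list behaves like 'none'
    return None


def framing_verdict(headers: Iterable[Tuple[str, str]]) -> str:
    """Classify (name, value) response headers: protected, weak or unprotected."""
    csp, xfo = [], []
    for name, value in headers:
        name = name.lower()
        if name == "content-security-policy":
            sources = frame_ancestors(value)
            if sources is not None:
                csp.append(not (WEAK_SOURCES & set(sources)))
        elif name == "x-frame-options":
            # Only DENY and SAMEORIGIN are honoured; ALLOW-FROM is obsolete.
            xfo.append(value.strip().upper() in ("DENY", "SAMEORIGIN"))
        # Content-Security-Policy-Report-Only only reports, so it is not counted.
    if csp:
        # Browsers that enforce frame-ancestors ignore X-Frame-Options, and every
        # enforced policy must allow the embedder, so one strict policy suffices.
        return "protected" if any(csp) else "weak"
    if xfo:
        return "protected" if all(xfo) else "weak"  # conflicting values: distrust
    return "unprotected"


# Constructed sample responses (not captured from a LedgerSMB server).
SAMPLES = {
    "no headers": [("Content-Type", "text/html")],
    "csp self": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
    "report only": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
    "xfo allow-from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "csp wildcard beats xfo": [("Content-Security-Policy", "frame-ancestors *"),
                               ("X-Frame-Options", "DENY")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:24} {framing_verdict(hdrs)}")
```

A verdict of `unprotected` or `weak` on an authenticated page means a third-party site can still embed it in a frame.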