CVE-2023-4659: CSRF
First published: Mon Oct 02 2023(Updated: )
Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within theapplication.
Credit: cve-coordination@incibe.es cve-coordination@incibe.es
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Free5gc Free5gc | =1.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-4659?
CVE-2023-4659 is a Cross-Site Request Forgery vulnerability that allows an attacker to perform different actions on the platform as an administrator.
How does CVE-2023-4659 work?
CVE-2023-4659 allows an attacker to change the token value to "admin", enabling them to perform actions as an administrator.
What is the severity of CVE-2023-4659?
CVE-2023-4659 has a severity rating of 9.8 (Critical).
How can I fix CVE-2023-4659?
To fix CVE-2023-4659, ensure that the token value is properly validated and authenticated before allowing any actions on the platform.
Is there any additional information about CVE-2023-4659?
For more information about CVE-2023-4659, you can refer to the following link: [Cross-Site Request Forgery Free5GC](https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-request-forgery-free5gc).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-api
- collector/nvd-index
- vendor/free5gc
- canonical/free5gc free5gc
- version/free5gc free5gc/1.1.1