First published: Thu Nov 16 2023
An attacker is able to steal secrets and potentially gain remote code execution via CSRF using a self-hosted, open source Prefect API.
Credit: security@huntr.dev
Affected Software | Affected Version | How to fix
---|---|---
Prefect (pip/prefect) | >=2.0.0, <2.14.3 | Upgrade to 2.14.3 or later
CVE-2023-6022 is a Cross-Site Request Forgery (CSRF) vulnerability in the self-hosted, open source Prefect API. An attacker who can make a victim's browser issue requests to that API can read stored secrets and potentially gain remote code execution on the Prefect deployment.
CVE-2023-6022 has a CVSS base score of 8.8 (High).
The attack requires no credentials from the attacker: the victim only has to visit an attacker-controlled website or click a malicious link while their browser can reach the Prefect API (for example a developer running a self-hosted server on their own machine or network). The page in the attacker's control then issues the forged API requests, which leads to the theft of secrets and potential remote code execution. Only the self-hosted, open source Prefect API is named as affected.
Prefect versions from 2.0.0 up to, but not including, 2.14.3 are affected.
To fix CVE-2023-6022, upgrade Prefect to 2.14.3 or later (for example `pip install --upgrade "prefect>=2.14.3"`) and confirm the installed version with `prefect version`. Until the upgrade is applied, do not browse untrusted sites from a machine or network that can reach an exposed Prefect API.
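The check a practitioner wants here is whether the Prefect version in a given environment falls inside the affected range from the table above. The script below is an added example, not part of this advisory and not Prefect's own code: it parses the advisory's own range notation (`>=2.0.0<2.14.3`), compares the installed `prefect` distribution against it, and treats pre-release tags (`a`, `b`, `rc`, `dev`) as sorting before the corresponding final release, which is an assumption that follows PEP 440 ordering only approximately (all pre-releases of one version are treated as equal).

```python
"""Check an installed or given Prefect version against the CVE-2023-6022 range.

Added example, not Prefect's own code. The range string uses the same
notation as the advisory table above.
"""
import re
from importlib.metadata import PackageNotFoundError, version as installed_version

AFFECTED_RANGE = ">=2.0.0<2.14.3"   # from the advisory table
FIXED_VERSION = "2.14.3"

_CONSTRAINT_RE = re.compile(r"(>=|<=|>|<|==)\s*(\d+(?:\.\d+)*)")
_PRERELEASE_RE = re.compile(r"[.\-_]?(a|b|c|rc|alpha|beta|pre|preview|dev)", re.IGNORECASE)


def parse_version(text):
    """Turn '2.14.3', '2.14' or '2.14.3rc1' into a comparable tuple.

    Numeric parts are padded to three components; a fourth component is
    -1 for a pre-release and 0 for a final release, so 2.14.3rc1 < 2.14.3.
    (Assumption: all pre-releases of one version compare equal.)
    """
    m = re.match(r"(\d+(?:\.\d+)*)(.*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    parts = parts + (0,) * (3 - len(parts))
    pre = -1 if _PRERELEASE_RE.match(m.group(2)) else 0
    return parts + (pre,)


def parse_range(spec):
    """Parse '>=2.0.0<2.14.3' (commas tolerated) into [(op, version_tuple), ...]."""
    constraints = _CONSTRAINT_RE.findall(spec.replace(",", ""))
    if not constraints:
        raise ValueError(f"no constraints found in {spec!r}")
    return [(op, parse_version(v)) for op, v in constraints]


_OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
    "==": lambda a, b: a == b,
}


def in_range(version_text, spec):
    """True if every constraint in spec holds for version_text."""
    v = parse_version(version_text)
    return all(_OPS[op](v, bound) for op, bound in parse_range(spec))


def is_affected(version_text):
    """True if the given Prefect version lies in the CVE-2023-6022 range."""
    return in_range(version_text, AFFECTED_RANGE)


def check_installed(dist="prefect"):
    """Return (installed_version, affected) or (None, None) if dist is absent."""
    try:
        v = installed_version(dist)
    except PackageNotFoundError:
        return None, None
    return v, is_affected(v)


if __name__ == "__main__":
    v, affected = check_installed()
    if v is None:
        print("prefect is not installed in this environment")
    elif affected:
        print(f"prefect {v} is affected by CVE-2023-6022; upgrade to {FIXED_VERSION} or later")
    else:
        print(f"prefect {v} is outside the affected range")
```

Run it inside the virtual environment that serves the Prefect API, not on a workstation, since the vulnerable component is the self-hosted server process; `check_installed` only sees the interpreter it runs in.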