How severe is CVE-2023-6022?

CVE-2023-6022 has a severity level of 8.8 (high).

How does CVE-2023-6022 work?

CVE-2023-6022 allows an attacker to perform CSRF attacks by tricking a user into visiting a specially crafted website or clicking a malicious link, which then leads to the theft of secrets and potential remote code execution.

What software is affected by CVE-2023-6022?

The Prefect software is affected by CVE-2023-6022.

Is there a fix for CVE-2023-6022?

To fix CVE-2023-6022, it is recommended to update Prefect to the latest version or apply any available patches or security updates provided by the vendor.

Vulnerability/
CVE-2023-6022

high

8.8

CWE

352

EPSS

0.136%

16/11/2023

2/8/2024

CVE-2023-6022: Cross-Site Request Forgery (CSRF) in prefecthq/prefect

Q: What is CVE-2023-6022?

CVE-2023-6022 is a vulnerability that allows an attacker to steal secrets and potentially gain remote code execution via Cross-Site Request Forgery (CSRF) using the Prefect API.

First published: Thu Nov 16 2023(Updated: )

An attacker is able to steal secrets and potentially gain remote code execution via CSRF using a self-hosted, open source Prefect API.

Credit: security@huntr.dev

Affected Software	Affected Version	How to fix
pip/prefect	>=2.0.0<2.16.5	2.16.5
Prefect

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-6022?
CVE-2023-6022 is a vulnerability that allows an attacker to steal secrets and potentially gain remote code execution via Cross-Site Request Forgery (CSRF) using the Prefect API.
How severe is CVE-2023-6022?
CVE-2023-6022 has a severity level of 8.8 (high).
How does CVE-2023-6022 work?
CVE-2023-6022 allows an attacker to perform CSRF attacks by tricking a user into visiting a specially crafted website or clicking a malicious link, which then leads to the theft of secrets and potential remote code execution.
What software is affected by CVE-2023-6022?
The Prefect software is affected by CVE-2023-6022.
Is there a fix for CVE-2023-6022?
To fix CVE-2023-6022, it is recommended to update Prefect to the latest version or apply any available patches or security updates provided by the vendor.

agent/author
agent/type
agent/first-publish-date
agent/weakness
agent/event
collector/epss-latest
source/FIRST
agent/epss
agent/softwarecombine
agent/title
agent/references
collector/github-advisory-latest
source/GitHub
alias/GHSA-4hh5-2678-83fx
alias/CVE-2023-6022
agent/software-canonical-lookup
agent/severity
agent/description
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/source
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-api
package-manager/pip
vendor/prefect
canonical/prefect

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.