CVE-2009-1339

Published Apr 30, 2009

Last updated 8 years ago

CVSS info 6.0

Overview

Description: Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6
Impact score: 6.4
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E38FC46-7F35-4777-87D8-124838860474",
            "versionEndIncluding": "4.3.0"
          },
          {
            "criteria": "cpe:2.3:a:twiki:twiki:4.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FE3EEC6-7E05-4A37-97AA-D73E7D7A0E01"
          },
          {
            "criteria": "cpe:2.3:a:twiki:twiki:4.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "855671F5-C215-4382-B512-4ABD9D66F13D"
          },
          {
            "criteria": "cpe:2.3:a:twiki:twiki:4.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9C00515-CFEE-427A-BACE-B3140B0D6C67"
          },
          {
            "criteria": "cpe:2.3:a:twiki:twiki:4.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9CF4F9B-7ADF-47A2-A556-10CCF7401DA9"
          },
          {
            "criteria": "cpe:2.3:a:twiki:twiki:4.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81DDB420-E707-4319-8395-531FC0D84E5B"
          },
          {
            "criteria": "cpe:2.3:a:twiki:twiki:4.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D7A5A57-AE7D-4D3E-A280-41676F355AEE"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References