TROYANOSYVIRUS
Volver a CVEs

CVE-2023-45884

MEDIUM
6.5

Descripcion

Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin.

Detalles CVE

Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado11/9/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0

Productos afectados

nasa:openmct

Debilidades (CWE)

CWE-352

Referencias

https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f(cve@mitre.org)
https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.