Cross-site Request Forgery (CSRF) Affecting openmct package, versions <3.1.1


Severity

0.0
medium
0
10

    Threat Intelligence

    Exploit Maturity
    Proof of concept
    EPSS
    0.06% (23rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JS-OPENMCT-6054450
  • published 10 Nov 2023
  • disclosed 9 Nov 2023
  • credit Milenko Starcik, Andy Olchawa

How to fix?

Upgrade openmct to version 3.1.1 or higher.

Overview

openmct is an Open MCT core platform

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to improper input sanitization. An attacker can view sensitive information by exploiting this vulnerability.

CVSS Scores

version 3.1
Expand this section

Snyk

4.3 medium
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    Required
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    None
  • Integrity (I)
    Low
  • Availability (A)
    None
Expand this section

NVD

6.5 medium