High severity8.8NVD Advisory· Published Apr 9, 2018· Updated Jun 17, 2026
CVE-2018-9856
CVE-2018-9856
Description
Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
KottiPyPI | < 1.3.2 | 1.3.2 |
KottiPyPI | >= 2.0.0a1, < 2.0.0b2 | 2.0.0b2 |
Affected products
1Patches
Vulnerability mechanics
References
5- github.com/Kotti/Kotti/issues/551nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-3hq4-f2v6-q338ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-9856ghsaADVISORY
- github.com/Kotti/Kotti/commit/69d3c8a5d7203ddaec5ced5901acf87baddd76beghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/kotti/PYSEC-2018-10.yamlghsaWEB
News mentions
0No linked articles in our index yet.