High severityNVD Advisory· Published Jun 8, 2020· Updated Aug 4, 2024
CSRF issue on preview pages in Bolt CMS
CVE-2020-4040
Description
Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
bolt/boltPackagist | < 3.7.1 | 3.7.1 |
Affected products
2- bolt/boltv5Range: < 3.7.1
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-2q66-6cc3-6xm8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-4040ghsaADVISORY
- packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.htmlghsax_refsource_MISCWEB
- seclists.org/fulldisclosure/2020/Jul/4ghsamailing-listx_refsource_FULLDISCWEB
- github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419fghsax_refsource_MISCWEB
- github.com/bolt/bolt/pull/7853ghsax_refsource_MISCWEB
- github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.