orchest vulnerable to cross-site request forgery that allows control of a user instance
Description
Impact
In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user's account.
Patch
Upgrade to v2022.09.10 to patch this vulnerability.
Workarounds
Rebuild and redeploy the Orchest auth-server with this commit: https://github.com/orchest/orchest/commit/c2587a963cca742c4a2503bce4cfb4161bf64c2d
References https://en.wikipedia.org/wiki/Cross-site_request_forgery https://cwe.mitre.org/data/definitions/352.html
For more information
If you have any questions or comments about this advisory: * Open an issue in https://github.com/orchest/orchest * Email us at rick@orchest.io
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/orchest/orchest/commit/c2587a963cca742c4a2503bce4cfb4161bf64c2dmitrex_refsource_MISC
- github.com/orchest/orchest/pull/1324mitrex_refsource_MISC
- github.com/orchest/orchest/releases/tag/v2022.09.10mitrex_refsource_MISC
- github.com/orchest/orchest/security/advisories/GHSA-q44f-8jpw-qv4jmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.