VYPR
Unrated severityNVD Advisory· Published Sep 30, 2022· Updated Apr 23, 2025

orchest vulnerable to cross-site request forgery that allows control of a user instance

CVE-2022-39268

Description

Impact

In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user's account.

Patch

Upgrade to v2022.09.10 to patch this vulnerability.

Workarounds

Rebuild and redeploy the Orchest auth-server with this commit: https://github.com/orchest/orchest/commit/c2587a963cca742c4a2503bce4cfb4161bf64c2d

References https://en.wikipedia.org/wiki/Cross-site_request_forgery https://cwe.mitre.org/data/definitions/352.html

For more information

If you have any questions or comments about this advisory: * Open an issue in https://github.com/orchest/orchest * Email us at rick@orchest.io

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Orckestra/Orchestllm-fuzzy2 versions
    <2022.09.10+ 1 more
    • (no CPE)range: <2022.09.10
    • (no CPE)range: >=v2022.03.7

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.