Moderate severity · NVD Advisory · Published Jun 22, 2023 · Updated Dec 4, 2024
CVE-2023-34927
Description
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/casdoor/casdoor (Go) | <= 1.331.0 | — |
Affected products: 2
References (6)
- github.com/advisories/GHSA-rwcp-qrwg-56cg (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-34927 (ghsa, ADVISORY)
- casdoor.org (ghsa, WEB)
- gist.github.com/omriman067/4e90a3a4ffa40984f011d8777a995469 (ghsa, WEB)
- github.com/casdoor/casdoor/issues/1531 (ghsa, WEB)
- casdoor.org (mitre)