data/reports/GO-2022-0563.yaml - vulndb - Git at Google

 id: GO-2022-0563
 modules:
     - module: github.com/filebrowser/filebrowser/v2
       versions:
         - fixed: 2.18.0
       vulnerable_at: 2.17.2
       packages:
         - package: github.com/filebrowser/filebrowser/v2/http
           symbols:
             - NewHandler
 summary: Cross-site request forgery in github.com/filebrowser/filebrowser/v2
 description: |-
     A Cross-Site Request Forgery vulnerability exists in Filebrowser that allows
     attackers to create a backdoor user with admin privilege and get access to the
     filesystem via a malicious HTML webpage that is sent to the victim.
 published: 2022-02-05T00:00:31Z
 cves:
     - CVE-2021-46398
 ghsas:
     - GHSA-72wf-hwcq-65h9
 credits:
     - Febin
 references:
     - fix: https://github.com/filebrowser/filebrowser/commit/74b7cd8e81840537a8206317344f118093153e8d
     - web: https://github.com/filebrowser/filebrowser/issues/1621
     - web: https://systemweakness.com/critical-csrf-to-rce-in-filebrowser-865a3c34b8e7
	id: GO-2022-0563
	modules:
	- module: github.com/filebrowser/filebrowser/v2
	versions:
	- fixed: 2.18.0
	vulnerable_at: 2.17.2
	packages:
	- package: github.com/filebrowser/filebrowser/v2/http
	symbols:
	- NewHandler
	summary: Cross-site request forgery in github.com/filebrowser/filebrowser/v2
	description: \|-
	A Cross-Site Request Forgery vulnerability exists in Filebrowser that allows
	attackers to create a backdoor user with admin privilege and get access to the
	filesystem via a malicious HTML webpage that is sent to the victim.
	published: 2022-02-05T00:00:31Z
	cves:
	- CVE-2021-46398
	ghsas:
	- GHSA-72wf-hwcq-65h9
	credits:
	- Febin
	references:
	- fix: https://github.com/filebrowser/filebrowser/commit/74b7cd8e81840537a8206317344f118093153e8d
	- web: https://github.com/filebrowser/filebrowser/issues/1621
	- web: https://systemweakness.com/critical-csrf-to-rce-in-filebrowser-865a3c34b8e7