CVE-ID: CVE-2022-35613

Konker Platform is an Open Source Platform for the Internet of Things (IoT).  The platform v2.3.9 and below are vulnerable to cross-site request forgery attacks.

CSRF protection is disabled: http.csrf().disable()

URL: https://github.com/KonkerLabs/konker-platform/blob/007a3eebb45a0d29581abd84322b799bc4c542d1/konker.registry.data.core/src/main/java/com/konkerlabs/platform/registry/data/core/config/SecurityConfig.java#L87

References: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html

Popular posts from this blog

CVE-ID: CVE-2022-35135, CVE-2022-35136

CVE-ID: CVE-2022-35134

CVE-ID: CVE-2022-34022