CVE-2008-0165 - OpenCVE

Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ikiwiki	Ikiwiki

Configuration 1 [-]

cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445
http://ikiwiki.info/security/#index31h2
http://secunia.com/advisories/29907
http://secunia.com/advisories/29932
http://www.debian.org/security/2008/dsa-1553
http://www.vupen.com/english/advisories/2008/1297/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41904

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-04-20T18:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-01-09T00:00:00

Link: CVE-2008-0165

JSON object: View

NVD Information

Status : Modified

Published: 2008-04-21T13:05:00.000

Modified: 2017-08-08T01:29:23.510

Link: CVE-2008-0165

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-18T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-1553", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1553"}, {"name": "29907", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29907"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445"}, {"name": "29932", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29932"}, {"name": "ADV-2008-1297", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1297/references"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://ikiwiki.info/security/#index31h2"}, {"name": "ikiwiki-change-password-csrf(41904)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41904"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0165", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-1553", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1553"}, {"name": "29907", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29907"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445"}, {"name": "29932", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29932"}, {"name": "ADV-2008-1297", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1297/references"}, {"name": "http://ikiwiki.info/security/#index31h2", "refsource": "CONFIRM", "url": "http://ikiwiki.info/security/#index31h2"}, {"name": "ikiwiki-change-password-csrf(41904)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41904"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0165", "datePublished": "2008-04-20T18:00:00", "dateReserved": "2008-01-09T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}