CVE - CVE-2020-4040

CVE-ID
CVE-2020-4040	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8 FULLDISC:20200703 Bolt CMS <= 3.7.0 Multiple Vulnerabilities - CSRF to RCE URL:http://seclists.org/fulldisclosure/2020/Jul/4 MISC:http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html MISC:https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f MISC:https://github.com/bolt/bolt/pull/7853
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20191230	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20191230)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)