Description

Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability.

Remediation

References

http://www.openwall.com/lists/oss-security/2017/08/16/5

http://www.securityfocus.com/bid/100410

Related Vulnerabilities

CVE-2020-2249 Vulnerability in maven package org.jenkins-ci.plugins:tfs

CVE-2014-3623 Vulnerability in maven package wss4j:wss4j

CVE-2019-10371 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-oauth

CVE-2021-21290 Vulnerability in maven package io.netty:netty-common

CVE-2021-37137 Vulnerability in maven package io.netty:netty-codec

Severity

Critical

Classification

CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory VDB Entry