Home > Vulnerability Database > CVE-2021-41260

Mend.io Vulnerability Database

CVE-2021-41260

Good to know:

Date: December 16, 2021

Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue.

Language: PHP

Severity Score

8.2

Related Resources (5)

Url: https://github.com/galette/galette/security/advisories/GHSA-hw28-c7px-xqm5

Url: https://github.com/galette/galette/commit/a5602bca2566f1be370631c3ab2d40feedd4b3ad

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-41260

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-41260

Url: https://www.mend.io/vulnerability-database/CVE-2021-41260

Severity Score

8.2

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

Upgrade Version

Upgrade to version 0.9.6

Learn More

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-41260

Good to know:

Date: December 16, 2021

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?