Vulnerability title
N/A
Vulnerability description
TruDesk Help Desk/Ticketing Solution v1.1.11 contains a Cross-Site Request Forgery (CSRF) vulnerability that would allow an attacker to restart the server, causing a denial-of-service (DoS) attack. The attacker must craft a web page that performs a GET request to the /api/v1/admin/restart endpoint; when a victim with sufficient privileges visits that page, the server restart begins. The attacker must know the full URL at which TruDesk is hosted in order to craft the page.
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Vulnerability category
Cross-Site Request Forgery (CSRF)
Vulnerability title
N/A
Vulnerability description
TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint; the victim (who has sufficient privileges) would then visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage.
CVSS information
N/A
Vulnerability category
N/A
Vulnerability title
Trudesk security vulnerability
Vulnerability description
Trudesk is an open-source help desk/ticketing solution from the Trudesk company. TruDesk Help Desk/Ticketing Solution v1.1.11 contains a security vulnerability. An attacker can exploit it to restart the server, resulting in a denial-of-service attack.
CVSS information
N/A
Vulnerability category
Other