Descrição
An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the application, leading to account takeover.
Software
Não informado
Tipo Software
Core
CVE
CVE-2018-7634
Tags
Nâo informado
Data de publicação
01/03/2018
Última atualização
24/02/2022
Pontuação em CVSS 3.0
8.8
Alto