CVE-2020-4040 : Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating e

Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1

Published 2020-06-08 22:15:11

Updated 2022-10-07 01:25:12

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Cross-site request forgery (CSRF)

Products affected by CVE-2020-4040

Boltcms » Bolt
Versions before (<) 3.7.1
cpe:2.3:a:boltcms:bolt:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-4040

EPSS FAQ

2.22%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 83 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-4040

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: Low Availability: None
8.6	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N	3.9	4.0	GitHub, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2020-4040

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Assigned by:
- nvd@nist.gov (Secondary)
- security-advisories@github.com (Primary)

References for CVE-2020-4040

https://github.com/bolt/bolt/pull/7853

Check CSRF on Preview page by bobdenotter · Pull Request #7853 · bolt/bolt · GitHub
Patch;Third Party Advisory

CVEs referencing this url
https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8

CSRF issue on preview pages · Advisory · bolt/bolt · GitHub
Patch;Third Party Advisory
http://seclists.org/fulldisclosure/2020/Jul/4

Full Disclosure: Bolt CMS <= 3.7.0 Multiple Vulnerabilities - CSRF to RCE
Exploit;Mailing List;Third Party Advisory

CVEs referencing this url
http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html

Bolt CMS 3.7.0 XSS / CSRF / Shell Upload ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry

CVEs referencing this url
https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f

Merge pull request #7853 from bolt/fix/csrf-check-on-preview · bolt/bolt@b42cbfc · GitHub
Patch;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-4040

Products affected by CVE-2020-4040

Exploit prediction scoring system (EPSS) score for CVE-2020-4040

CVSS scores for CVE-2020-4040

CWE ids for CVE-2020-4040

References for CVE-2020-4040