CVE-2023-38759
Summary
| CVE | CVE-2023-38759 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-08-08 16:15:00 UTC |
|---|
| Updated | 2023-08-11 16:06:00 UTC |
|---|
| Description | Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components. |
|---|
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|
| Application |
Wger |
Workout Manager |
2.2.0 |
a3 |
All |
All |
References
| Reference | Source | Link | Tags |
|---|
| GitHub - 0x72303074/CVE-Disclosures |
MISC |
github.com |
|
| wger Workout Manager - Features |
MISC |
wger.de |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 994908 Python (Pip) Security Update for wger (GHSA-wrw3-qmqw-4x9w)
