CVE-2018-25060 — Vulnetix

CVE-2018-25060 PUBLISHED

A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a patch to fix this issue. VDB-217058 is the identifier assigned to this vulnerability.

EPSS 0.16% · 36.7th percentile

Risk Scores

EPSS Score

0.16%

36.7th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:22.04:LTS	golang-github-go-macaron-csrf	0, 0.0~git20170207.0.428b7c6-5
Ubuntu:18.04:LTS	golang-github-go-macaron-csrf	0.0~git20170207.0.428b7c6-4, 0.0~git20170207.0.428b7c6-1, 0.0~git20170207.0.428b7c6-2
Ubuntu:20.04:LTS	golang-github-go-macaron-csrf	0.0~git20170207.0.428b7c6-4, 0

Exploit Intelligence

https://vuldb.com/?id.217058 (circl)
https://vuldb.com/?ctiid.217058 (circl)
https://github.com/go-macaron/csrf/pull/7 (circl)
https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c (circl)

Timeline

Dec 30, 2022 CVE Published
Dec 31, 2022 EPSS Score
Jan 9, 2023 CVE Updated
Feb 10, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 24, 2023 EPSS Score
May 4, 2023 EPSS Score
Jun 14, 2023 EPSS Score
Jul 25, 2023 EPSS Score
Sep 5, 2023 EPSS Score
Oct 16, 2023 EPSS Score
Nov 26, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2018-25060 third-party-advisory
https://github.com/go-macaron/csrf/pull/7 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2018-25060 third-party-advisory

Open in Interactive Console →