Vulnerability-Lookup

CVE-2008-0165 (GCVE-0-2008-0165)

Vulnerability from cvelistv5 – Published: 2008-04-20 18:00 – Updated: 2024-08-07 07:39

Summary

Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

7 references

URL	Tags
http://www.debian.org/security/2008/dsa-1553	vendor-advisoryx_refsource_DEBIAN
http://secunia.com/advisories/29907	third-party-advisoryx_refsource_SECUNIA
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445	x_refsource_CONFIRM
http://secunia.com/advisories/29932	third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/1297…	vdb-entryx_refsource_VUPEN
http://ikiwiki.info/security/#index31h2	x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Date Public

2008-04-18 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:39:34.169Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-1553",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1553"
          },
          {
            "name": "29907",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29907"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445"
          },
          {
            "name": "29932",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29932"
          },
          {
            "name": "ADV-2008-1297",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1297/references"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ikiwiki.info/security/#index31h2"
          },
          {
            "name": "ikiwiki-change-password-csrf(41904)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-1553",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1553"
        },
        {
          "name": "29907",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29907"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445"
        },
        {
          "name": "29932",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29932"
        },
        {
          "name": "ADV-2008-1297",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1297/references"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ikiwiki.info/security/#index31h2"
        },
        {
          "name": "ikiwiki-change-password-csrf(41904)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41904"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0165",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-1553",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1553"
            },
            {
              "name": "29907",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29907"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445"
            },
            {
              "name": "29932",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29932"
            },
            {
              "name": "ADV-2008-1297",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1297/references"
            },
            {
              "name": "http://ikiwiki.info/security/#index31h2",
              "refsource": "CONFIRM",
              "url": "http://ikiwiki.info/security/#index31h2"
            },
            {
              "name": "ikiwiki-change-password-csrf(41904)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41904"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0165",
    "datePublished": "2008-04-20T18:00:00.000Z",
    "dateReserved": "2008-01-09T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:39:34.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2008-0165",
      "date": "2026-06-05",
      "epss": "0.00242",
      "percentile": "0.47718"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.41\", \"matchCriteriaId\": \"FFB7C1FD-F2FF-4B1F-9B29-B5CE7A9BB32E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de falsificaci\\u00f3n de petici\\u00f3n en sitios cruzados (CSRF) en Ikiwiki versiones anteriores a 2.42 permite a atacantes remotos modificar preferencias de usuarios, incluyendo contrase\\u00f1as, a trav\\u00e9s de los formularios (1) preferences y (2) edit.\"}]",
      "id": "CVE-2008-0165",
      "lastModified": "2024-11-21T00:41:19.170",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2008-04-21T13:05:00.000",
      "references": "[{\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://ikiwiki.info/security/#index31h2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/29907\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/29932\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1553\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1297/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41904\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://ikiwiki.info/security/#index31h2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29907\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29932\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1553\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1297/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41904\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0165\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-04-21T13:05:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Ikiwiki versiones anteriores a 2.42 permite a atacantes remotos modificar preferencias de usuarios, incluyendo contrase\u00f1as, a trav\u00e9s de los formularios (1) preferences y (2) edit.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.41\",\"matchCriteriaId\":\"FFB7C1FD-F2FF-4B1F-9B29-B5CE7A9BB32E\"}]}]}],\"references\":[{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://ikiwiki.info/security/#index31h2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29907\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29932\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1553\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1297/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41904\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://ikiwiki.info/security/#index31h2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29907\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29932\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1553\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1297/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41904\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2008-0165

Vulnerability from fkie_nvd - Published: 2008-04-21 13:05 - Updated: 2026-04-23 00:35

Severity

Summary

Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.

References

	URL	Tags
	cve@mitre.org	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445
	cve@mitre.org	http://ikiwiki.info/security/#index31h2
	cve@mitre.org	http://secunia.com/advisories/29907
	cve@mitre.org	http://secunia.com/advisories/29932
	cve@mitre.org	http://www.debian.org/security/2008/dsa-1553
	cve@mitre.org	http://www.vupen.com/english/advisories/2008/1297/references
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/41904
	af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445
	af854a3a-2127-422b-91ae-364da2661108	http://ikiwiki.info/security/#index31h2
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29907
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29932
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1553
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1297/references
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41904

Impacted products

	Vendor	Product	Version
	ikiwiki	ikiwiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFB7C1FD-F2FF-4B1F-9B29-B5CE7A9BB32E",
              "versionEndIncluding": "2.41",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Ikiwiki versiones anteriores a 2.42 permite a atacantes remotos modificar preferencias de usuarios, incluyendo contrase\u00f1as, a trav\u00e9s de los formularios (1) preferences y (2) edit."
    }
  ],
  "id": "CVE-2008-0165",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-04-21T13:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://ikiwiki.info/security/#index31h2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29907"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29932"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1553"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1297/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41904"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ikiwiki.info/security/#index31h2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1297/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41904"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-X687-7FXP-PCGF

Vulnerability from github – Published: 2022-05-01 23:28 – Updated: 2022-05-01 23:28

Details

Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0165"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-04-21T13:05:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.",
  "id": "GHSA-x687-7fxp-pcgf",
  "modified": "2022-05-01T23:28:05Z",
  "published": "2022-05-01T23:28:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0165"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41904"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445"
    },
    {
      "type": "WEB",
      "url": "http://ikiwiki.info/security/#index31h2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29907"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29932"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1553"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1297/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-0165

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.

Aliases

CVE-2008-0165

Aliases

CVE-2008-0165

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0165",
    "description": "Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.",
    "id": "GSD-2008-0165",
    "references": [
      "https://www.debian.org/security/2008/dsa-1553"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0165"
      ],
      "details": "Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.",
      "id": "GSD-2008-0165",
      "modified": "2023-12-13T01:22:58.312413Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0165",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "DSA-1553",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1553"
          },
          {
            "name": "29907",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29907"
          },
          {
            "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445",
            "refsource": "CONFIRM",
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445"
          },
          {
            "name": "29932",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29932"
          },
          {
            "name": "ADV-2008-1297",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1297/references"
          },
          {
            "name": "http://ikiwiki.info/security/#index31h2",
            "refsource": "CONFIRM",
            "url": "http://ikiwiki.info/security/#index31h2"
          },
          {
            "name": "ikiwiki-change-password-csrf(41904)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41904"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.41",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0165"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445"
            },
            {
              "name": "DSA-1553",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2008/dsa-1553"
            },
            {
              "name": "http://ikiwiki.info/security/#index31h2",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://ikiwiki.info/security/#index31h2"
            },
            {
              "name": "29907",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29907"
            },
            {
              "name": "29932",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29932"
            },
            {
              "name": "ADV-2008-1297",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1297/references"
            },
            {
              "name": "ikiwiki-change-password-csrf(41904)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41904"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-08T01:29Z",
      "publishedDate": "2008-04-21T13:05Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0165 (GCVE-0-2008-0165)

FKIE_CVE-2008-0165

GHSA-X687-7FXP-PCGF

GSD-2008-0165

Tags

Sightings

Nomenclature