CVE-2021-46366: Cross-Site Request Forgery (CSRF)

February 12, 2022 (updated February 15, 2022)

An issue in the Login page of Magnolia CMS v6.2.3 allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users’ credentials.

References

docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html
github.com/advisories/GHSA-hxvf-35w8-f5mw
nvd.nist.gov/vuln/detail/CVE-2021-46366

Code Behaviors & Features

Detect and mitigate CVE-2021-46366 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →