CVE-2018-9856

Published: 2018-04-09T07:29Z

Last Modified: 2024-11-21T04:15Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt