CVE-2023-25015

moderate-risk
Published 2023-02-02

Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF.

Do I need to act?

-
0.13% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Clockwork Web

Affected Vendors

Clockwork Web Project

References (6)

Patch https://github.com/ankane/clockwork_web/commit/ec2896503ee231588547c2fad4cb93a94...
Patch https://github.com/ankane/clockwork_web/compare/v0.1.1...v0.1.2
Issue Tracking https://github.com/ankane/clockwork_web/issues/4
Patch https://github.com/ankane/clockwork_web/commit/ec2896503ee231588547c2fad4cb93a94...
Patch https://github.com/ankane/clockwork_web/compare/v0.1.1...v0.1.2
Issue Tracking https://github.com/ankane/clockwork_web/issues/4
30
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal