CVE-2023-0870— Form Can Be Manipulated with Cross-Site Request Forgery (CSRF)

Form Can Be Manipulated with Cross-Site Request Forgery (CSRF)

A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potentially allow an attacker to gain access to confidential information and compromise integrity. The solution is to upgrade to Meridian 2023.1.1 or Horizon 31.0.6 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

跨站请求伪造(CSRF)

Opennms Group OpenNMS 跨站请求伪造漏洞

Opennms Group OpenNMS是美国Opennms Group公司的一套开源的企业级网络监视和网络管理平台。 OpenNMS Meridian、 Horizon存在跨站请求伪造漏洞，攻击者利用该漏洞可以访问机密信息并破坏完整性，以下产品和版本受到影响：Meridian 2023.1.1 之前版本、 Horizon 31.0.6之前版本。

N/A

N/A