CVE-2018-9856
- Source
- https://cve.org/CVERecord?id=CVE-2018-9856
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-9856.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-9856
- Aliases
- Published
- 2018-04-09T07:29:00.233Z
- Modified
- 2025-11-14T09:00:52.086853Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request.
- References
Affected packages
Git / github.com/kotti/kotti
Affected ranges
- Type
- GIT
- Repo
- https://github.com/kotti/kotti
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.1.1
0.10a1
0.10a2
0.10a3
0.10a4
0.10b1
0.1a8
0.2.10
0.2.3
0.2.5
0.2.6
0.2.7
0.2a1
0.3.0
0.3.1
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.5.0
0.5.0a1
0.5.0a2
0.5.0a3
0.5.0a4
0.5.0a5
0.5.0a6
0.5.0rc1
0.5.0rc2
0.5.1
0.5.2
0.6.0
0.6.0b1
0.6.0b2
0.6.0b3
0.6.1
0.6.2
0.6.3
0.7
0.7.1
0.7.2
0.7a1
0.7a2
0.7a3
0.7a4
0.7a5
0.7a6
0.7rc1
0.8a1
0.8a2
0.8b1
0.8b2
0.9
0.9.1
0.9a1
0.9a2
0.9b1
0.9b2
1.*
1.0
1.0.0-alpha
1.0.0-alpha.2
1.0.0-alpha.3
1.0.0-alpha.4
1.1.0
1.1.0-alpha.1
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.3.0-alpha.1
1.3.0-alpha.2
1.3.0-alpha.3
1.3.0-alpha.4
1.3.1
2.*
2.0.0.alpha1
2.0.0b1