CVE-2023-26248

MEDIUM Year: 2023
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-352
View all →

Vulnerability Description

The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content by generating many Sybil peers whose peer IDs have a small distance from the content ID, thus hijacking the content resolution process.

Related Vulnerabilities

CVE-2013-6365

MEDIUM
CVSS:5.3(Medium)

Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions

CWE-3522013

CVE-2018-10099

MEDIUM
CVSS:5.3(Medium)

Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns...

CWE-3522018

CVE-2018-19334

MEDIUM
CVSS:5.3(Medium)

Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axi...

CWE-3522018

CVE-2018-19335

MEDIUM
CVSS:5.3(Medium)

Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby ...

CWE-3522018

CVE-2019-1003017

MEDIUM
CVSS:5.3(Medium)

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentiall...

CWE-3522019

CVE-2019-19375

MEDIUM
CVSS:5.3(Medium)

In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. (The fix for this was backported to LTS version...

CWE-3522019