CVE-2023-6022: Cross-Site Request Forgery (CSRF)

November 16, 2023 (updated November 27, 2023)

An attacker is able to steal secrets and potentially gain remote code execution via CSRF using the Prefect API.

References

github.com/advisories/GHSA-4hh5-2678-83fx
huntr.com/bounties/dab47d99-551c-4355-9ab1-c99cb90235af
nvd.nist.gov/vuln/detail/CVE-2023-6022

Detect and mitigate CVE-2023-6022 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →