Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-3589

A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server.

Published

2023-10-09T09:15:10.507

Last Modified

2024-11-21T08:17:36.953

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-352
Type: Primary
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	3ds	teamwork_cloud_no_magic_release	2021x	Yes
Application	3ds	teamwork_cloud_no_magic_release	2022x	Yes
Application	3ds	teamwork_cloud_no_magic_release	2021x	Yes
Application	3ds	teamwork_cloud_no_magic_release	2022x	Yes
Application	3ds	teamwork_cloud_no_magic_release	2021x	Yes
Application	3ds	teamwork_cloud_no_magic_release	2022x	Yes
Application	3ds	teamwork_cloud_no_magic_release	2021x	Yes
Application	3ds	teamwork_cloud_no_magic_release	2022x	Yes

References

https://www.3ds.com/vulnerability/advisories Issue Tracking, Vendor Advisory ([email protected])
https://www.3ds.com/vulnerability/advisories Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)