| CVE编号 | CVE-2025-27912 |
|---|---|
| 发布日期 | 2025-03-11T00:00:00.000Z |
| 更新日期 | 2025-03-11T13:20:54.633Z |
| 状态 | PUBLISHED |
| 受影响的供应商 | Datalust |
| 受影响的产品 | Seq |
| 描述 | An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is in use and a user visits a compromised/malicious site, or (2) when username/password or Active Directory authentication is in use and a user visits a compromised/malicious site under the same effective top-level domain as the Seq server. Exploitation of the vulnerability allows the attacker to conduct impersonation attacks and perform actions in Seq on behalf of the targeted user. |
参考链接:
