CVE-2021-20786

MEDIUM

GroupSession 2.2.0-5.0.9 and GroupSession byCloud/ZION 3.0.3-5.0.9 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to hijack the authentication of administrators via a specially crafted URL.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN86026700/index.html

Scores

CVSS v3 4.3
EPSS 0.0045
EPSS Percentile 36.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-352
Status published
Products (3)
groupsession/groupsession 2.20 - 5.1.0
groupsession/groupsession_bycloud 3.0.3 - 5.1.0
groupsession/groupsession_zion 3.0.3 - 5.1.0
Published Jul 30, 2021
Tracked Since Feb 18, 2026