AdGuardHome vulnerable to Cross-Site Request Forgery
Moderate severity
GitHub Reviewed
Published
Oct 11, 2022
to the GitHub Advisory Database
•
Updated Oct 10, 2023
Package
Affected versions
>= 0.95, < 0.108.0-b.16
Patched versions
0.108.0-b.16
Description
Published by the National Vulnerability Database
Oct 11, 2022
Published to the GitHub Advisory Database
Oct 11, 2022
Reviewed
Oct 11, 2022
Last updated
Oct 10, 2023
In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules.
The file that contains the vulnerable code is no longer present as of v0.108.0-b.16.
References