Vulnerability — CVE-2023-49076

CVE-2023-49076

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2023-49076
Description:: Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5.
Last updated date:: 12/05/2023

Type:: exploit
Confidence:: HIGH
Date of publishing:: 12/05/2023
Reference url to background: https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-xx63-4jr8-9ghc