Polyaxon Cross-Site Request Forgery Vulnerability in Project Management Features

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in Polyaxon version 2.4.0. This vulnerability allows attackers to execute unauthorized actions within the victim's browser session. Affected users could unintentionally create or modify projects, model versions, and artifact versions, or change settings. Such actions could lead to data loss and disruptions in service.

Impact

Exploitation of this vulnerability could result in unauthorized project management actions, including the creation and modification of projects, model versions, and artifact versions, potentially leading to data loss and service interruptions.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.4
exploitability: 7.3
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.