Primary

Context

BOINC Server Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in BOINC Server versions prior to 1.4.3. This vulnerability allows for account takeover by enabling an attacker to change a user's password through the edit_passwd_action.php endpoint.

Impact

Exploitation of this vulnerability allows for account takeover by unauthorized password modification, potentially leading to hijacking of accounts with higher privileges.

Reproduction

To reproduce this vulnerability, a logged-in user must be tricked into opening a crafted HTML form that submits a password change request to the edit_passwd_action.php endpoint. The form should include a hidden input with the new password value. Once the form is submitted, the password change is processed, allowing the attacker to take over the account.

Remediation

Users are advised to update to the latest version of BOINC Server.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.7

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.7

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

BOINC Server Cross-Site Request Forgery Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating