What is CVE-2022-35943?

CVE-2022-35943 is a medium-severity vulnerability in Codeigniter4 Shield, classified under Cross-Site Request Forgery (CSRF). CVSS score: 5.9/10. Published 2022-08-12.

How severe is CVE-2022-35943?

Medium severity. CVSS v3 base score is 5.9 out of 10.

CSRF in Codeigniter4 Shield

CVE-2022-35943

Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/u…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.002 (35.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L.

Affected products

Codeigniter4 Shield — versions > 4.3.2, > v1.0.0-beta.2

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

github.com/codeigniter4/shield/security/advisories/GHSA-5hm8-vh6r-2cjq (x_refsource_CONFIRM)
codeigniter4.github.io/userguide/libraries/security.htm (x_refsource_MISC)
developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite (x_refsource_MISC)
jub0bs.com/posts/2021-01-29-great-samesite-confusion (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-35943?: CVE-2022-35943 is a medium-severity vulnerability in Codeigniter4 Shield, classified under Cross-Site Request Forgery (CSRF). CVSS score: 5.9/10. Published 2022-08-12.
How severe is CVE-2022-35943?: Medium severity. CVSS v3 base score is 5.9 out of 10.