Advisory Information

  • Title: Lastline Portal Cross-Site Request Forgery (CSRF)
  • Advisory ID: SWRX-2015-002
  • Date published: Monday, June 8, 2015
  • CVE: CVE-2015-4125
  • CVSS v2 base score: 5.1
  • Date of last update: Monday, June 8, 2015
  • Vendors contacted: Lastline
  • Release mode: Coordinated
  • Discovered by: Dana James Traversie and Sean Wright, Dell SecureWorks

Summary

Lastline is a breach detection platform that provides administrative functionality and other features via a dedicated web application. There are multiple vulnerabilities in the Lastline Portal web application due to insufficient or missing CSRF defenses. An unauthenticated, remote attacker could conduct cross-site request forgery (CSRF) attacks by persuading a user to follow a malicious link or visit an attacker-controlled website.
