{"id":"CVE-2023-34927","details":"Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.","aliases":["GHSA-rwcp-qrwg-56cg"],"modified":"2025-11-20T12:18:02.985177Z","published":"2023-06-22T13:15:10.383Z","references":[{"type":"WEB","url":"https://casdoor.org/"},{"type":"ADVISORY","url":"https://gist.github.com/omriman067/4e90a3a4ffa40984f011d8777a995469"},{"type":"EVIDENCE","url":"https://github.com/casdoor/casdoor/issues/1531"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/casdoor/casdoor","events":[{"introduced":"0"},{"last_affected":"e1c0af345f6edbf0d88596b88223b1f972e02940"}]}],"versions":["v1.0.0","v1.0.1","v1.0.2","v1.1.0","v1.10.0","v1.10.1","v1.10.2","v1.100.0","v1.101.0","v1.101.1","v1.101.2","v1.102.0","v1.103.0","v1.103.1","v1.104.0","v1.104.1","v1.104.2","v1.105.0","v1.105.1","v1.105.2","v1.106.0","v1.107.0","v1.108.0","v1.109.0","v1.11.0","v1.11.1","v1.110.0","v1.110.1","v1.111.0","v1.111.1","v1.111.2","v1.112.0","v1.113.0","v1.113.1","v1.114.0","v1.115.0","v1.116.0","v1.116.1","v1.117.0","v1.118.0","v1.118.1","v1.118.2","v1.119.0","v1.119.1","v1.12.0","v1.12.1","v1.12.2","v1.120.0","v1.121.0","v1.122.0","v1.122.1","v1.122.2","v1.123.0","v1.124.0","v1.125.0","v1.126.0","v1.126.1","v1.127.0","v1.128.0","v1.128.1","v1.129.0","v1.13.0","v1.13.1","v1.13.2","v1.130.0","v1.130.1","v1.130.2","v1.131.0","v1.131.1","v1.131.2","v1.132.0","v1.132.1","v1.133.0","v1.134.0","v1.134.1","v1.135.0","v1.136.0","v1.137.0","v1.138.0","v1.139.0","v1.14.0","v1.14.1","v1.140.0","v1.140.1","v1.141.0","v1.142.0","v1.142.1","v1.143.0","v1.143.1","v1.144.0","v1.144.1","v1.145.0","v1.146.0","v1.146.1","v1.147.0","v1.148.0","v1.149.0","v1.15.0","v1.15.1","v1.15.2","v1.15.3","v1.15.4","v1.150.0","v1.151.0","v1.151.1","v1.151.2","v1.152.0","v1.152.1","v1.153.0","v1.154.0","v1.155.0","v1.155.1","v1.155.2","v1.156.0","v1.157.0","v1.157.1","v1.157.2","v1.158.0","v1.159.0","v1.16.0","v1.16.1","v1.16.2","v1.16.3","v1.16.4","v1.16.5","v1.16.6","v1.160.0","v1.161.0","v1.162.0","v1.163.0","v1.164.0","v1.164.1","v1.165.0","v1.166.0","v1.166.1","v1.167.0","v1.168.0","v1.168.1","v1.169.0","v1.17.0","v1.170.0","v1.170.1","v1.170.2","v1.171.0","v1.171.1","v1.171.2","v1.172.0","v1.173.0","v1.173.1","v1.173.2","v1.174.0","v1.175.0","v1.175.1","v1.176.0","v1.177.0","v1.178.0","v1.179.0","v1.18.0","v1.180.0","v1.180.1","v1.181.0","v1.182.0","v1.182.1","v1.182.2","v1.183.0","v1.183.1","v1.184.0","v1.184.1","v1.185.0","v1.186.0","v1.187.0","v1.188.0","v1.188.1","v1.189.0","v1.19.0","v1.19.1","v1.19.2","v1.190.0","v1.191.0","v1.192.0","v1.193.0","v1.194.0","v1.195.0","v1.196.0","v1.196.1","v1.197.0","v1.198.0","v1.199.0","v1.199.1","v1.2.0","v1.20.0","v1.20.1","v1.20.2","v1.200.0","v1.201.0","v1.202.0","v1.203.0","v1.203.1","v1.204.0","v1.205.0","v1.206.0","v1.207.0","v1.208.0","v1.209.0","v1.21.0","v1.21.1","v1.210.0","v1.211.0","v1.212.0","v1.213.0","v1.213.1","v1.214.0","v1.215.0","v1.216.0","v1.217.0","v1.218.0","v1.219.0","v1.22.0","v1.220.0","v1.220.1","v1.221.0","v1.222.0","v1.223.0","v1.224.0","v1.225.0","v1.226.0","v1.226.1","v1.227.0","v1.228.0","v1.228.1","v1.229.0","v1.23.0","v1.23.1","v1.23.2","v1.230.0","v1.231.0","v1.232.0","v1.233.0","v1.234.0","v1.235.0","v1.236.0","v1.237.0","v1.238.0","v1.239.0","v1.24.0","v1.24.1","v1.240.0","v1.240.1","v1.240.2","v1.240.3","v1.241.0","v1.242.0","v1.242.1","v1.243.0","v1.244.0","v1.245.0","v1.245.1","v1.246.0","v1.246.1","v1.247.0","v1.248.0","v1.249.0","v1.25.0","v1.25.1","v1.25.2","v1.250.0","v1.250.1","v1.251.0","v1.252.0","v1.252.1","v1.253.0","v1.254.0","v1.254.1","v1.255.0","v1.255.1","v1.256.0","v1.256.1","v1.257.0","v1.258.0","v1.259.0","v1.26.0","v1.260.0","v1.261.0","v1.262.0","v1.262.1","v1.263.0","v1.264.0","v1.264.1","v1.265.0","v1.265.1","v1.266.0","v1.267.0","v1.268.0","v1.269.0","v1.27.0","v1.27.1","v1.27.2","v1.27.3","v1.27.4","v1.27.5","v1.27.6","v1.270.0","v1.270.1","v1.271.0","v1.272.0","v1.273.0","v1.274.0","v1.275.0","v1.276.0","v1.277.0","v1.278.0","v1.278.1","v1.279.0","v1.28.0","v1.280.0","v1.281.0","v1.282.0","v1.283.0","v1.284.0","v1.284.1","v1.285.0","v1.286.0","v1.287.0","v1.288.0","v1.288.1","v1.289.0","v1.289.1","v1.29.0","v1.29.1","v1.29.2","v1.290.0","v1.290.1","v1.291.0","v1.291.1","v1.292.0","v1.292.1","v1.293.0","v1.294.0","v1.295.0","v1.296.0","v1.297.0","v1.297.1","v1.298.0","v1.299.0","v1.299.1","v1.299.2","v1.3.0","v1.30.0","v1.30.1","v1.30.2","v1.30.3","v1.30.4","v1.30.5","v1.300.0","v1.301.0","v1.301.1","v1.302.0","v1.302.1","v1.302.2","v1.302.3","v1.303.0","v1.304.0","v1.305.0","v1.305.1","v1.306.0","v1.307.0","v1.308.0","v1.309.0","v1.31.0","v1.310.0","v1.311.0","v1.311.1","v1.312.0","v1.313.0","v1.314.0","v1.315.0","v1.315.1","v1.316.0","v1.316.1","v1.317.0","v1.318.0","v1.318.1","v1.319.0","v1.32.0","v1.32.1","v1.32.2","v1.32.3","v1.32.4","v1.320.0","v1.320.1","v1.321.0","v1.322.0","v1.322.1","v1.323.0","v1.323.1","v1.323.2","v1.324.0","v1.325.0","v1.326.0","v1.326.1","v1.327.0","v1.328.0","v1.329.0","v1.329.1","v1.33.0","v1.33.1","v1.33.2","v1.33.3","v1.33.4","v1.330.0","v1.331.0","v1.34.0","v1.34.1","v1.35.0","v1.35.1","v1.36.0","v1.36.1","v1.36.2","v1.37.0","v1.37.1","v1.37.2","v1.38.0","v1.39.0","v1.4.0","v1.40.0","v1.41.0","v1.41.1","v1.42.0","v1.43.0","v1.44.0","v1.44.1","v1.44.2","v1.44.3","v1.44.4","v1.44.5","v1.44.6","v1.44.7","v1.44.8","v1.44.9","v1.45.0","v1.46.0","v1.47.0","v1.47.1","v1.47.2","v1.48.0","v1.49.0","v1.49.1","v1.5.0","v1.50.0","v1.51.0","v1.52.0","v1.53.0","v1.54.0","v1.54.1","v1.54.2","v1.54.3","v1.54.4","v1.54.5","v1.54.6","v1.54.7","v1.54.8","v1.54.9","v1.55.0","v1.56.0","v1.56.1","v1.56.2","v1.57.0","v1.58.0","v1.58.1","v1.58.2","v1.58.3","v1.58.4","v1.58.5","v1.59.0","v1.6.0","v1.6.1","v1.60.0","v1.60.1","v1.61.0","v1.62.0","v1.62.1","v1.62.2","v1.62.3","v1.62.4","v1.62.5","v1.62.6","v1.62.7","v1.63.0","v1.63.1","v1.63.2","v1.64.0","v1.65.0","v1.66.0","v1.67.0","v1.67.1","v1.68.0","v1.69.0","v1.7.0","v1.7.1","v1.7.2","v1.70.0","v1.70.1","v1.71.0","v1.71.1","v1.71.2","v1.71.3","v1.71.4","v1.71.5","v1.72.0","v1.73.0","v1.74.0","v1.74.1","v1.75.0","v1.75.1","v1.75.2","v1.76.0","v1.77.0","v1.77.1","v1.77.2","v1.77.3","v1.78.0","v1.78.1","v1.78.2","v1.79.0","v1.8.0","v1.8.1","v1.80.0","v1.80.1","v1.81.0","v1.81.1","v1.81.2","v1.81.3","v1.82.0","v1.82.1","v1.82.2","v1.83.0","v1.84.0","v1.84.1","v1.85.0","v1.86.0","v1.86.1","v1.87.0","v1.88.0","v1.88.1","v1.89.0","v1.9.0","v1.90.0","v1.91.0","v1.91.1","v1.92.0","v1.93.0","v1.94.0","v1.94.1","v1.95.0","v1.96.0","v1.97.0","v1.97.1","v1.97.2","v1.97.3","v1.97.4","v1.98.0","v1.98.1","v1.98.2","v1.99.0","v1.99.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34927.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}