{"id":"CVE-2023-45884","details":"Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin.","aliases":["GHSA-4g88-4hgm-m99x"],"modified":"2026-04-10T05:01:43.322569Z","published":"2023-11-09T17:15:08.853Z","references":[{"type":"EVIDENCE","url":"https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nasa/openmct","events":[{"introduced":"0"},{"last_affected":"c1dd82cf5f188e7c79a08ea729267a86e0a28968"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.1.0"}]}}],"versions":["0.14.0","1.7.8-rc1","V-R4.4-41620","V-R4.4-RC4","V-R4.4-RC5","list","open-v0.7.2","openmct-viper-build-2-rc2","sim3","v0.10.1","v0.10.2","v0.10.3","v0.11.0","v0.11.1","v0.11.2","v0.11.3","v0.12.0","v0.14.0","v1.2-RC1","v1.2-RC3","v1.2-rc2","v1.3.1","v1.4.0-rc5","v1.4.1-rc1","v1.4.1-rc2","v3.1.0","vista-4.7.0-rc1","vista-4.7.0-rc2","vista-4.7.0-rc3","vista-4.7.0-rc5","vista-r4.3.1-rc1","vista-r4.8.0-rc1","vista-r4.8.0-rc2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45884.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}