Security Advisories - grumpydictator/firefly-iii

grumpydictator/firefly-iii Security Advisories for 3.4.4.1 (23)

[MEDIUM] Firefly III has a MFA bypass in oauth flow

PKSA-t1gb-cctm-7jjf CVE-2024-37893 GHSA-4gm4-c4mh-4p7w

Affected version: <6.1.17

Reported by:
GitHub
[MEDIUM] C5 Firefly III CSV Injection.

PKSA-6dm2-zbyx-rmxw GHSA-29w6-c52g-m8jc

Affected version: <6.1.7

Reported by:
GitHub
[MEDIUM] Firefly III allows webhooks HTML Injection.

PKSA-4nd2-7dz8-kkz2 CVE-2024-22075 GHSA-vwv2-9wcj-64vx

Affected version: <6.1.1

Reported by:
GitHub
[MEDIUM] Firefly III insufficiently expires sessions

PKSA-4drh-3csm-4jht CVE-2023-1788 GHSA-h7vv-46p5-prmh

Affected version: <6.0.0

Reported by:
GitHub
[MEDIUM] Firefly III vulnerable to improper input validation

PKSA-sjcj-wgwv-vm5s CVE-2023-1789 GHSA-mwxw-hxvp-4r2r

Affected version: <6.0.0

Reported by:
GitHub
[MEDIUM] Improper Authorization in grumpydictator/firefly-iii

PKSA-drh1-yzxm-scym CVE-2023-0298 GHSA-7mc4-jp4f-v2j2

Affected version: <5.8.0

Reported by:
GitHub
[HIGH] Unrestricted File Upload vulnerability in Firefly III

PKSA-w74y-9dvc-xm52 CVE-2021-3846 GHSA-5gq7-826w-8282

Affected version: <5.6.2

Reported by:
GitHub
[MEDIUM] Firefly III vulnerable to image-based stored XSS

PKSA-vqyz-424j-mqg6 CVE-2019-13647 GHSA-pcxq-28f6-m3fm

Affected version: <4.7.17.3

Reported by:
GitHub
[MEDIUM] Firefly III vulnerable to reflected cross-site scripting

PKSA-xh3f-n3qp-4fz3 CVE-2019-13646 GHSA-mrc2-h7q2-pp97

Affected version: <4.7.17.3

Reported by:
GitHub
[MEDIUM] Firefly III vulnerable to stored XSS

PKSA-zn8h-77t6-y6q9 CVE-2019-13645 GHSA-5hpw-vcj2-prwg

Affected version: <4.7.17.3

Reported by:
GitHub
[MEDIUM] Firefly III vulnerable to stored XSS

PKSA-94hw-fp7m-vcdg CVE-2019-13644 GHSA-9xmx-rj7j-fv9q

Affected version: <4.7.17.1

Reported by:
GitHub
[MEDIUM] Cross Site Request Forgery in firefly-iii

PKSA-j7wb-ghhk-vhmf CVE-2021-4005 GHSA-hjhp-hwfj-hwf3

Affected version: <5.6.5

Reported by:
GitHub
[MEDIUM] firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

PKSA-qyrk-bshg-tx6v CVE-2021-4015 GHSA-g6vq-wc8w-4g69

Affected version: <5.6.5

Reported by:
GitHub
[MEDIUM] firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

PKSA-nrhm-c7xq-fhhn CVE-2021-3921 GHSA-q2cv-94xm-qvg4

Affected version: <5.6.3

Reported by:
GitHub
[MEDIUM] Cross-Site Request Forgery in firefly-iii

PKSA-xyvr-vw9x-99jx CVE-2021-3900 GHSA-pfj7-w373-gqch

Affected version: <=5.6.2

Reported by:
GitHub
[LOW] Cross-Site Request Forgery in firefly-iii

PKSA-4xxh-kddp-ggvd CVE-2021-3901 GHSA-rqgp-ccph-5w65

Affected version: <=5.6.2

Reported by:
GitHub
[MEDIUM] Open Redirect in firefly-iii

PKSA-xth5-bkjy-jks2 CVE-2021-3851 GHSA-5fvx-5p2r-4mvp

Affected version: <5.6.2

Reported by:
GitHub
[MEDIUM] Cross-Site Request Forgery in firefly-iii

PKSA-7gw2-ck6c-56ry CVE-2021-3819 GHSA-356r-77q8-f64f

Affected version: <5.6.1

Reported by:
GitHub
[LOW] Improper Input Validation in Firefly III

PKSA-6ydk-gvbp-3s54 CVE-2019-14671 GHSA-jjcx-999m-35hc

Affected version: <=4.7.17.3

Reported by:
GitHub
[MEDIUM] firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

PKSA-kkxm-4vhh-v3rz CVE-2021-3728 GHSA-xp5q-77mh-6hm2

Affected version: <5.6.0

Reported by:
GitHub
[MEDIUM] firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

PKSA-kydm-j49j-gwdm CVE-2021-3730 GHSA-c676-mcw3-qg55

Affected version: <5.6.0

Reported by:
GitHub
[MEDIUM] firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

PKSA-9jqz-6fy2-4xsk CVE-2021-3729 GHSA-gp6w-ccqv-p7qr

Affected version: <5.6.0

Reported by:
GitHub
[MEDIUM] No Restriction of Excessive Authentication Attempts in Firefly III

PKSA-pjpb-nz4z-5w2t CVE-2021-3663 GHSA-56cx-wf47-hx7w

Affected version: <5.5.13

Reported by:
GitHub

grumpydictator/firefly-iii Security Advisories for 3.4.4.1 (23)

[MEDIUM] Firefly III has a MFA bypass in oauth flow

[MEDIUM] C5 Firefly III CSV Injection.

[MEDIUM] Firefly III allows webhooks HTML Injection.

[MEDIUM] Firefly III insufficiently expires sessions

[MEDIUM] Firefly III vulnerable to improper input validation

[MEDIUM] Improper Authorization in grumpydictator/firefly-iii

[HIGH] Unrestricted File Upload vulnerability in Firefly III

[MEDIUM] Firefly III vulnerable to image-based stored XSS

[MEDIUM] Firefly III vulnerable to reflected cross-site scripting

[MEDIUM] Firefly III vulnerable to stored XSS

[MEDIUM] Firefly III vulnerable to stored XSS

[MEDIUM] Cross Site Request Forgery in firefly-iii

[MEDIUM] firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

[MEDIUM] firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

[MEDIUM] Cross-Site Request Forgery in firefly-iii

[LOW] Cross-Site Request Forgery in firefly-iii

[MEDIUM] Open Redirect in firefly-iii

[MEDIUM] Cross-Site Request Forgery in firefly-iii

[LOW] Improper Input Validation in Firefly III

[MEDIUM] firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

[MEDIUM] firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

[MEDIUM] firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

[MEDIUM] No Restriction of Excessive Authentication Attempts in Firefly III