{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-18T11:27:16.049","vulnerabilities":[{"cve":{"id":"CVE-2021-29436","sourceIdentifier":"security-advisories@github.com","published":"2021-04-13T20:15:22.000","lastModified":"2024-11-21T06:01:05.650","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In Time Tracker before version 1.19.27.5431 a Cross site request forgery (CSRF) vulnerability existed. The nature of CSRF is that a logged on user may be tricked by social engineering to click on an attacker-provided form that executes an unintended action such as changing user password. The vulnerability is fixed in Time Tracker version 1.19.27.5431. Upgrade is recommended. If upgrade is not practical, introduce ttMitigateCSRF() function in /WEB-INF/lib/common.php.lib using the latest available code and call it from ttAccessAllowed()."},{"lang":"es","value":"Anuko Time Tracker es una aplicación de seguimiento del tiempo de código abierto basada en web escrita en PHP. En Time Tracker versiones anteriores a 1.19.27.5431, se presentaba una vulnerabilidad de tipo Cross site request forgery (CSRF). La naturaleza de CSRF es que un usuario que ha iniciado sesión puede ser engañado por ingeniería social para que haga clic en un formulario proporcionado por un atacante que ejecuta una acción no prevista, tal y como cambiar la contraseña del usuario. La vulnerabilidad se corrigió en la versión 1.19.27.5431 de Time Tracker. Una actualización es recomendada. Si la actualización no es práctica, introduzca la función ttMitigateCSRF() en la biblioteca /WEB-INF/lib/common.php.lib usando el último código disponible y llámelo desde la función ttAccessAllowed()"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:anuko:time_tracker:*:*:*:*:*:*:*:*","versionEndExcluding":"1.19.27.5431","matchCriteriaId":"8AA337D3-0BE0-449A-9E94-A08AD1153B35"}]}]}],"references":[{"url":"https://github.com/anuko/timetracker/commit/e3f8222ee308322942bcebcd86b78ecf19382563","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/anuko/timetracker/commit/e77be7eea69df5d52e19f9f25b5b89a0e66a5b8e","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/anuko/timetracker/security/advisories/GHSA-pgpx-rfvj-9g4f","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/anuko/timetracker/commit/e3f8222ee308322942bcebcd86b78ecf19382563","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/anuko/timetracker/commit/e77be7eea69df5d52e19f9f25b5b89a0e66a5b8e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/anuko/timetracker/security/advisories/GHSA-pgpx-rfvj-9g4f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}