CVE-2022-0916
03.05.2022, 14:15
An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.
| Vendor | Product | Version |
|---|---|---|
| logitech | options | 𝑥 < 9.60.87 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
- CWE-352 - Cross-Site Request Forgery (CSRF)The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.