CVE-2022-0916

An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:logitech:options:*:*:*:*:*:*:*:*

History

10 May 2022, 23:59

Type Values Removed Values Added
References (MISC) https://support.logi.com/hc/en-us/articles/360025297893 - (MISC) https://support.logi.com/hc/en-us/articles/360025297893 - Vendor Advisory
First Time Logitech
Logitech options
CWE CWE-352
CVSS v2 : unknown
v3 : unknown
v2 : 6.8
v3 : 8.8
CPE cpe:2.3:a:logitech:options:*:*:*:*:*:*:*:*

03 May 2022, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-05-03 14:15

Updated : 2022-05-10 23:59


NVD link : CVE-2022-0916

Mitre link : CVE-2022-0916


JSON object : View

Products Affected

logitech

  • options
CWE
CWE-352

Cross-Site Request Forgery (CSRF)