CVSS v3.x: 6.5 (Medium)
- >= 0.1.2
Clockwork Web is vulnerable to cross-site request forgery (CSRF) with Rails < 5.2.
A CSRF attack works by getting an authorized user to visit a malicious website and then performing requests on behalf of the user. In this instance, actions include enabling and disabling jobs.