From 82073857c048d7266937e376b79a39306cff0a58 Mon Sep 17 00:00:00 2001
From: Andrew Kane
Date: Wed, 1 Feb 2023 17:00:58 -0800
Subject: [PATCH] Added CVE-2023-25015 for clockwork_web
---
gems/clockwork_web/CVE-2023-25015.yml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 gems/clockwork_web/CVE-2023-25015.yml
diff --git a/gems/clockwork_web/CVE-2023-25015.yml b/gems/clockwork_web/CVE-2023-25015.yml
new file mode 100644
index 0000000000..002e4e59fa
--- /dev/null
+++ b/gems/clockwork_web/CVE-2023-25015.yml
@@ -0,0 +1,14 @@
+---
+gem: clockwork_web
+cve: 2023-25015
+url: https://github.com/ankane/clockwork_web/issues/4
+title: CSRF Vulnerability with Rails < 5.2
+date: 2023-02-01
+description: |
+ Clockwork Web is vulnerable to cross-site request forgery (CSRF) with Rails < 5.2.
+
+ A CSRF attack works by getting an authorized user to visit a malicious website and
+ then performing requests on behalf of the user. In this instance, actions include
+ enabling and disabling jobs.
+patched_versions:
+- ">= 0.1.2"
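Review bot: The Rails < 5.2 precondition is recorded only in the free-text `title` and `description`, so anything that matches on `patched_versions` alone will report every clockwork_web install below 0.1.2, including apps on a newer Rails that this advisory apparently does not cover. The `description` also explains the attack but never says what to do about it. I would end it with a remediation line such as `Upgrade to clockwork_web 0.1.2 or later.` and, if the linked issue confirms it, a sentence stating that applications on Rails 5.2 or later are not affected, so someone triaging an alert can rule themselves out by checking their Rails version.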