CSRF to change the email id in ikus060/rdiffweb

Valid

Reported on

Sep 21st 2022


Description

The change email ID feature is vulnerable to CSRF. An attacker can change the email ID of the user.

Proof of Concept

1. Log in to the application https://rdiffweb-demo.ikus-soft.com.

2. Open the URL https://rdiffweb-demo.ikus-soft.com/prefs/general?username=admin&email=csrf%40test.com&action=set_profile_info.

3. The email ID of the user is changed.

4. The email ID is changed.


Impact

This could change the email ID of the user.
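A server-side check that would refuse the request in step 2, shown as an added example (it is not rdiffweb's code and not the project's actual fix). The function names, the `csrf_token` form field and the rule that an `action` parameter marks a state change are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
ORIGIN = "https://rdiffweb-demo.ikus-soft.com"  # host taken from the report

def new_csrf_token():
    """Random per-session token, kept server-side and embedded in the form."""
    return secrets.token_urlsafe(32)

def is_state_change(method, params):
    # Assumed rule: a request carrying 'action' asks the server to modify data.
    return "action" in params or method not in SAFE_METHODS

def check_request(method, headers, params, session_token, expected_origin):
    """Return (allowed, reason) for one request to the preferences handler."""
    if not is_state_change(method, params):
        return True, "read-only"
    # 1. A link, <img> tag or redirect can only issue GET, so refuse it here.
    if method != "POST":
        return False, "state change over a non-POST method"
    # 2. The browser-supplied Origin (or Referer) must be our own site.
    source = urlsplit(headers.get("Origin") or headers.get("Referer", ""))
    if f"{source.scheme}://{source.netloc}" != expected_origin:
        return False, "cross-origin or missing Origin/Referer"
    # 3. The form must echo the session's token; compare in constant time.
    sent = params.get("csrf_token", "")
    if not session_token or not hmac.compare_digest(
            sent.encode(), session_token.encode()):
        return False, "missing or wrong CSRF token"
    return True, "ok"

# Constructed sample data: the query parameters from step 2 of the report.
SESSION_TOKEN = new_csrf_token()
POC_PARAMS = {"username": "admin", "email": "csrf@test.com",
              "action": "set_profile_info"}

if __name__ == "__main__":
    good = dict(POC_PARAMS, csrf_token=SESSION_TOKEN)
    cases = [
        ("GET", {}, POC_PARAMS),                                # request from step 2
        ("POST", {"Origin": "https://attacker.example"}, good), # foreign origin
        ("POST", {"Origin": ORIGIN}, POC_PARAMS),               # token absent
        ("POST", {"Origin": ORIGIN}, good),                     # legitimate form post
    ]
    for method, headers, params in cases:
        print(method, headers, check_request(
            method, headers, params, SESSION_TOKEN, ORIGIN))
```

Setting the session cookie with `SameSite=Lax` or `Strict` complements these checks but does not replace the non-GET rule, since `Lax` cookies are still sent on top-level GET navigations.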

We are processing your report and will contact the ikus060/rdiffweb team within 24 hours. a year ago
Patrik Dufresne
a year ago

Maintainer


@irfansayyed-github Please adjust the affected version. 2.5 is not released. It's only affecting 2.4.6 and earlier.

Patrik Dufresne
a year ago

Maintainer


@irfansayyed-github Could you also update the registry?

Thanks

Patrik Dufresne assigned a CVE to this report a year ago
irfansayyed-github
a year ago

Researcher


Could you also reply on this https://huntr.dev/bounties/7b6ec9f4-4fe9-4716-8dba-3491ffa3f6f2/

irfansayyed-github modified the report
a year ago
Patrik Dufresne
a year ago

Maintainer


@irfansayyed-github Please adjust the registry from npm to pypi.

We have contacted a member of the ikus060/rdiffweb team and are waiting to hear back a year ago
Patrik Dufresne
a year ago

Maintainer


@admin Could you change the registry from npm to pypi?

Thanks

Jamie Slome
a year ago

Admin


Sorted :)

Patrik Dufresne validated this vulnerability a year ago
irfansayyed-github has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Patrik Dufresne marked this as fixed in 2.4.7 with commit e974df a year ago
Patrik Dufresne has been awarded the fix bounty
This vulnerability will not receive a CVE