CSRF to change the email id in ikus060/rdiffweb

Valid

Reported on

Sep 21st 2022


Description

The change email ID function is vulnerable to CSRF. An attacker can change the email ID of the user.

Proof of Concept

1. Log in to the application https://rdiffweb-demo.ikus-soft.com.

2. Open the URL https://rdiffweb-demo.ikus-soft.com/prefs/general?username=admin&email=csrf%40test.com&action=set_profile_info.

3. The email ID of the user is changed.

4. The email ID is changed.


Impact

This could change the email ID of the user.
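One way to close the hole described in the report, shown here as an added example that is neither rdiffweb's code nor the fix referenced in the thread: a framework-agnostic guard that rejects state changes over GET, requires a per-session synchronizer token, and checks the Origin/Referer when present. Request and session are modelled as plain dicts, and `STATE_CHANGING` is an assumed list of mutating actions.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Origin that owns the form (taken from the report); constructed constants otherwise.
SITE_ORIGIN = "https://rdiffweb-demo.ikus-soft.com"
STATE_CHANGING = {"set_profile_info"}  # hypothetical: actions that modify data


def issue_csrf_token(session):
    """Create (or reuse) the per-session synchronizer token embedded in the form."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def csrf_guard(request, session):
    """Return (allowed, reason) for a request; deny what the GET-based PoC relies on."""
    action = request["params"].get("action")
    if action not in STATE_CHANGING:
        return True, "read-only"
    # 1. A state change must never be reachable with GET: an <img> or <a> on
    #    another site makes the victim's browser send exactly such a request.
    if request["method"] != "POST":
        return False, "state change via %s" % request["method"]
    # 2. Synchronizer token: a cross-site page cannot read the victim's session
    #    token, so it cannot include it in a forged form. Compare in constant time.
    expected = session.get("csrf_token", "")
    supplied = request["params"].get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "missing or mismatched csrf token"
    # 3. Defence in depth: browsers attach Origin (or Referer) to cross-site
    #    form posts; when present it must match our own origin.
    source = request["headers"].get("Origin") or request["headers"].get("Referer")
    if source:
        parts = urlsplit(source)
        if "%s://%s" % (parts.scheme, parts.netloc) != SITE_ORIGIN:
            return False, "cross-site origin %s" % source
    return True, "ok"


def demo():
    """Constructed requests: the PoC-style GET, a forged POST, and a legitimate POST."""
    session = {}
    token = issue_csrf_token(session)
    params = {"action": "set_profile_info", "email": "csrf@test.com"}
    poc_get = {"method": "GET", "headers": {}, "params": dict(params)}
    forged_post = {"method": "POST", "headers": {"Origin": "https://other-site.example"}, "params": dict(params)}
    legit = {"method": "POST", "headers": {"Origin": SITE_ORIGIN},
             "params": {"action": "set_profile_info", "email": "me@example.com", "csrf_token": token}}
    return [csrf_guard(r, session)[0] for r in (poc_get, forged_post, legit)]
```

Calling `demo()` returns `[False, False, True]`: the GET from the PoC and the token-less cross-site POST are refused, the same-origin POST carrying the session's token is accepted.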

We are processing your report and will contact the ikus060/rdiffweb team within 24 hours. 10 days ago
Patrik Dufresne
10 days ago

Maintainer


@irfansayyed-github Plz adjust the affected version. 2.5 is not released. It's only affecting 2.4.6 and earlier.

Patrik Dufresne
10 days ago

Maintainer


@irfansayyed-github May you also update the registry.

Thanks

Patrik Dufresne assigned a CVE to this report 10 days ago
irfansayyed-github
10 days ago

Researcher


Could you also reply on this https://huntr.dev/bounties/7b6ec9f4-4fe9-4716-8dba-3491ffa3f6f2/

irfansayyed-github modified the report
10 days ago
Patrik Dufresne
9 days ago

Maintainer


@irfansayyed-github plz adjust the registry from npm to pypi.

We have contacted a member of the ikus060/rdiffweb team and are waiting to hear back 9 days ago
Patrik Dufresne
9 days ago

Maintainer


@admin Could you change the registry from npm to pypi.

Thanks

Jamie Slome
9 days ago

Admin


Sorted :)

Patrik Dufresne validated this vulnerability 9 days ago
irfansayyed-github has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Patrik Dufresne confirmed that a fix has been merged on e974df 9 days ago
Patrik Dufresne has been awarded the fix bounty