Cross-Site Request Forgery (CSRF) in emoncms/dashboard

Valid

Reported on

Jul 22nd 2021


💥 BUG

CSRF bug to change email

💥 STEP TO REPRODUCE

  1. First log in to your account and open the link http://localhost/emoncms/user/changeemail.json?&email=admin%40localhost.combm and your email will be changed.

💥 IMPACT

Any attacker can send this link to a victim, and when the victim opens the link, the email will be changed.

💥 STUDY

https://portswigger.net/web-security/csrf
https://www.imperva.com/learn/application-security/csrf-cross-site-request-forgery/
https://owasp.org/www-community/attacks/csrf

We have contacted a member of the emoncms/dashboard team and are waiting to hear back 2 years ago
emoncms/dashboard maintainer
2 years ago

Thanks @ranjit-git, I have a fix for this working its way into the core at the moment, setting the SameSite cookie property to strict; will link and update this shortly.

emoncms/dashboard maintainer validated this vulnerability 2 years ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
emoncms/dashboard maintainer
2 years ago

Here's the fix in the core repo https://github.com/emoncms/emoncms/commit/5e08ec969c1a1ceb483e2ef08bb2073f981ceada

I will link last commit in the dashboard repo to close this issue.

Thanks again!
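As an added illustration (not code from this report, from emoncms or from the linked commit), the Python model below shows why the maintainer's SameSite=Strict session cookie stops the link-based email change reported above, and pairs it with the POST-plus-token check a handler like /user/changeemail would want as defence in depth. The Session class, the handler and the simplified browser rule are hypothetical.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    """Server-side session (hypothetical stand-in for the PHP session)."""
    email: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


def browser_sends_cookie(samesite: str, same_site: bool, method: str, top_level: bool) -> bool:
    """Simplified SameSite rule: does the browser attach the session cookie?
    Strict never sends it cross-site; Lax sends it on cross-site top-level GET
    navigations (clicking a link); None always sends it."""
    if same_site:
        return True
    if samesite == "Strict":
        return False
    if samesite == "Lax":
        return top_level and method == "GET"
    return True  # SameSite=None


def change_email(session, method: str, form: dict) -> tuple:
    """Hardened handler (hypothetical): needs an authenticated session,
    a POST, and a per-session token that matches in constant time."""
    if session is None:
        return 401, "not logged in"
    if method != "POST":
        return 405, "email change must be a POST"
    if not hmac.compare_digest(form.get("csrf_token", ""), session.csrf_token):
        return 403, "missing or invalid CSRF token"
    session.email = form["email"]
    return 200, "email updated"


def simulate(samesite: str, same_site: bool, method: str, top_level: bool,
             session: Session, form: dict) -> tuple:
    """Run one request through the browser rule, then the handler."""
    sent = browser_sends_cookie(samesite, same_site, method, top_level)
    return change_email(session if sent else None, method, form)


if __name__ == "__main__":
    s = Session(email="victim@example.com")  # constructed sample session
    link = {"email": "attacker@example.com"}  # email carried by the reported link
    print(simulate("None", False, "GET", True, s, link))    # cookie sent, handler refuses GET
    print(simulate("Strict", False, "GET", True, s, link))  # cookie withheld: 401
```

With the pre-fix cookie (no SameSite attribute) the browser attaches the session on the cross-site click, so the handler's POST-and-token checks are the only thing standing between the link and the email change; with SameSite=Strict the request never reaches the handler as a logged-in user.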

emoncms/dashboard maintainer marked this as fixed with commit 58af4f 2 years ago
The fix bounty has been dropped
This vulnerability will not receive a CVE