Cross-Site Request Forgery (CSRF) in emoncms/dashboard

Valid

Reported on

Jul 22nd 2021


💥 BUG

CSRF bug to change email

💥 STEPS TO REPRODUCE

  1. First, log in to your account and open the link http://localhost/emoncms/user/changeemail.json?&email=admin%40localhost.combm, and your email will be changed.

💥 IMPACT

Any attacker can send this link to a victim, and when the victim opens the link, their email will be changed.

💥 STUDY

https://portswigger.net/web-security/csrf
https://www.imperva.com/learn/application-security/csrf-cross-site-request-forgery/
https://owasp.org/www-community/attacks/csrf

We have contacted a member of the emoncms/dashboard team and are waiting to hear back 2 years ago
An emoncms/dashboard maintainer
2 years ago

Thanks @ranjit-git, I have a fix for this working its way into the core at the moment, setting the SameSite cookie property to strict; will link and update this shortly.
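As an added illustration (not code from the report or from emoncms), the Python model below shows why the reported GET link works and what the fix changes: it models the browser's SameSite rule for attaching cookies, the original cookie-only handler, and a hardened handler that requires a POST plus a per-session CSRF token. The session store, cookie names, token value and email addresses are constructed for the example. Note that SameSite=Lax still sends cookies on a top-level GET navigation such as a clicked link, so for this exact vector only Strict (the maintainer's choice) or the POST-plus-token check blocks it.

```python
from dataclasses import dataclass, field

@dataclass
class Request:
    method: str
    cross_site: bool        # initiated from another site, e.g. an emailed link
    cookies: dict = field(default_factory=dict)   # browser cookie jar for this site
    params: dict = field(default_factory=dict)
    top_level: bool = True  # top-level navigation (clicked link), not a fetch/img

def cookies_attached(samesite: str, req: Request) -> dict:
    """Model of the browser's SameSite rule for attaching cookies to a request."""
    if not req.cross_site or samesite == "None":
        return dict(req.cookies)
    if samesite == "Lax" and req.top_level and req.method in ("GET", "HEAD"):
        return dict(req.cookies)  # Lax still sends cookies on top-level GET navigation
    return {}                     # Strict: nothing on any cross-site request

def new_sessions():  # constructed store: one logged-in user plus a CSRF token
    return {"sess-abc": {"email": "admin@localhost", "csrf_token": "tok-1234"}}

def change_email_vulnerable(sessions, samesite, req):
    """GET endpoint trusting the session cookie alone (the reported behaviour)."""
    sess = sessions.get(cookies_attached(samesite, req).get("session"))
    if sess is None:
        return 401
    sess["email"] = req.params["email"]
    return 200

def change_email_fixed(sessions, samesite, req):
    """Hardened handler: POST only, plus a per-session CSRF token in the body."""
    sess = sessions.get(cookies_attached(samesite, req).get("session"))
    if sess is None:
        return 401
    if req.method != "POST":
        return 405
    if req.params.get("csrf_token") != sess["csrf_token"]:
        return 403
    sess["email"] = req.params["email"]
    return 200

def attempt(samesite, handler, method, cross_site, params):
    """One request against a fresh session store; returns (status, resulting email)."""
    sessions = new_sessions()
    req = Request(method, cross_site, cookies={"session": "sess-abc"}, params=params)
    return handler(sessions, samesite, req), sessions["sess-abc"]["email"]

FORGED = {"email": "new@example.com"}  # constructed: the attacker-supplied GET link
LEGIT = {"email": "new@example.com", "csrf_token": "tok-1234"}  # the site's own form
```

Running `attempt("Lax", change_email_vulnerable, "GET", True, FORGED)` still changes the email, while the same request under `"Strict"` or against `change_email_fixed` is rejected.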

An emoncms/dashboard maintainer validated this vulnerability 2 years ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
An emoncms/dashboard maintainer
2 years ago

Here's the fix in the core repo https://github.com/emoncms/emoncms/commit/5e08ec969c1a1ceb483e2ef08bb2073f981ceada

I will link last commit in the dashboard repo to close this issue.

Thanks again!

An emoncms/dashboard maintainer marked this as fixed with commit 58af4f 2 years ago
The fix bounty has been dropped
This vulnerability will not receive a CVE