CSRF bug to remove a bookmark in sissbruecker/linkding

Valid

Reported on

Mar 26th 2022


Description

CSRF bug that allows removing a bookmark

Proof of Concept

There is no CSRF token check when a bookmark is removed; the removal happens on a plain GET request that any logged-in browser will send. Suppose there are two users:
1. user-A (victim)
2. user-B (attacker)

STEP

1. user-A creates a bookmark; say its id is 123.
2. user-B, the attacker, sends the link https://demo.linkding.link/bookmarks/123/remove?return_url=%2Fbookmarks to the victim, user-A.
When user-A opens this link while logged in, the bookmark is deleted.
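As an added illustration (not linkding's code, which this report does not reproduce), the vulnerable handler pattern beside a hardened one in plain Python: the request object and bookmark store are constructed stand-ins, and the hardened version follows the same idea as Django's CSRF middleware, requiring a POST that carries a session-bound token under Django's form field name `csrfmiddlewaretoken`.

```python
import hmac
import secrets
from dataclasses import dataclass, field


def make_store():
    # Constructed sample data standing in for the database: user-A owns bookmark 123.
    return {123: {"owner": "user-A", "url": "https://example.invalid/article"}}


@dataclass
class Request:
    # Minimal stand-in for a framework request object (assumption, not linkding's class).
    method: str
    user: str                                    # user identified by the session cookie
    form: dict = field(default_factory=dict)     # POST body fields
    session: dict = field(default_factory=dict)  # server-side session for that cookie


def vulnerable_remove(store, request, bookmark_id):
    """The pattern in the report: a GET to /bookmarks/<id>/remove deletes the bookmark.
    The browser attaches the victim's session cookie to any link they open, so an
    attacker-supplied URL is indistinguishable from a click inside the app."""
    bookmark = store.get(bookmark_id)
    if bookmark is None or bookmark["owner"] != request.user:
        return 404
    del store[bookmark_id]
    return 302  # redirect to return_url


def issue_csrf_token(session):
    """Bind a random secret to the session; the app embeds it in its own delete form."""
    session.setdefault("csrf", secrets.token_hex(32))
    return session["csrf"]


def hardened_remove(store, request, bookmark_id):
    """Only a POST carrying the session's token may delete. A cross-site page can make
    the browser send the cookie, but it cannot read the token to include it."""
    if request.method != "POST":
        return 405
    expected = request.session.get("csrf", "")
    supplied = request.form.get("csrfmiddlewaretoken", "")  # Django's field name
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403
    bookmark = store.get(bookmark_id)
    if bookmark is None or bookmark["owner"] != request.user:
        return 404
    del store[bookmark_id]
    return 302
```

The same link from the report returns 405 from the hardened handler and leaves bookmark 123 in place; only the app's own POST form, which carries the token, can delete it.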

Impact

CSRF bug that lets an attacker delete a victim's bookmark.

We are processing your report and will contact the sissbruecker/linkding team within 24 hours. a year ago
We have contacted a member of the sissbruecker/linkding team and are waiting to hear back a year ago
Sascha Ißbrücker validated this vulnerability a year ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
Sascha Ißbrücker marked this as fixed in 1.8.8 with commit eca98a a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
bookmarks.py#L139-L149 has been validated