csrf bug to remove a bookmark in sissbruecker/linkding

Valid

Reported on

Mar 26th 2022


Description

CSRF bug to remove bookmark

Proof of Concept

There is no CSRF token check when a bookmark is removed: the remove endpoint accepts a plain GET request and relies only on the session cookie, which the browser attaches automatically.
Suppose there are two users:
1. user-A, the victim
2. user-B, the attacker

Steps

1. user-A creates a bookmark; assume its bookmark id is 123.
2. user-B (the attacker) sends the link https://demo.linkding.link/bookmarks/123/remove?return_url=%2Fbookmarks to the victim user-A.
3. When user-A, who is logged in, opens this link, the bookmark is deleted without any confirmation or token check.
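The following is an added illustration, not code from linkding or from the reporter, of why a GET-triggered remove is forgeable and how a POST-plus-token check stops it. It uses a tiny in-memory stand-in for the request, session and bookmark store; the `csrf_token` form field name, the bookmark store layout and the status codes are assumptions made for the example, not linkding's actual implementation.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    """Server-side session for a logged-in user (constructed for this example).
    The CSRF token is generated once per session and never leaves the
    first-party origin except inside the site's own forms."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal stand-in for an HTTP request: the browser attaches the session
    cookie (here: the Session object) to any request to the site, whether it
    was initiated by the site's own page or by a link on another site."""
    method: str
    path: str
    session: Session
    form: dict = field(default_factory=dict)


def remove_bookmark_vulnerable(bookmarks, request, bookmark_id):
    """Pattern the report describes: a GET with a valid session is enough.
    Only the owner check is performed, so a link the victim merely opens
    deletes the victim's own bookmark. Returns an HTTP-style status code."""
    if bookmarks.get(bookmark_id) != request.session.user:
        return 404
    del bookmarks[bookmark_id]
    return 302  # redirect back to the bookmark list


def remove_bookmark_hardened(bookmarks, request, bookmark_id):
    """Hardened variant: state change only on POST, and only when the
    submitted token matches the session-bound token. A cross-site link
    cannot produce a POST carrying a token the attacker never saw."""
    if request.method != "POST":
        return 405  # GET must never mutate state
    submitted = request.form.get("csrf_token", "")  # assumed field name
    # constant-time comparison so the check does not leak token bytes
    if not hmac.compare_digest(submitted, request.session.csrf_token):
        return 403
    if bookmarks.get(bookmark_id) != request.session.user:
        return 404
    del bookmarks[bookmark_id]
    return 302


def simulate_cross_site_link(handler):
    """Victim user-A, already logged in, opens the attacker-supplied link.
    The browser issues a GET with the session cookie and no form body.
    Returns (status, bookmark_still_exists)."""
    bookmarks = {123: "user-A"}  # constructed sample store
    victim = Session(user="user-A")
    req = Request("GET", "/bookmarks/123/remove", victim)
    status = handler(bookmarks, req, 123)
    return status, 123 in bookmarks


def simulate_forged_post(handler):
    """Cross-site auto-submitting form: the attacker can force a POST with the
    session cookie, but has to guess the token. Returns (status, still_exists)."""
    bookmarks = {123: "user-A"}
    victim = Session(user="user-A")
    req = Request("POST", "/bookmarks/123/remove", victim,
                  form={"csrf_token": "guessed-token"})
    status = handler(bookmarks, req, 123)
    return status, 123 in bookmarks


def simulate_legitimate_removal(handler):
    """The site's own remove form: POST carrying the real session token."""
    bookmarks = {123: "user-A"}
    victim = Session(user="user-A")
    req = Request("POST", "/bookmarks/123/remove", victim,
                  form={"csrf_token": victim.csrf_token})
    status = handler(bookmarks, req, 123)
    return status, 123 in bookmarks


if __name__ == "__main__":
    print("vulnerable, cross-site link:", simulate_cross_site_link(remove_bookmark_vulnerable))
    print("hardened,   cross-site link:", simulate_cross_site_link(remove_bookmark_hardened))
    print("hardened,   forged POST:    ", simulate_forged_post(remove_bookmark_hardened))
    print("hardened,   own form:       ", simulate_legitimate_removal(remove_bookmark_hardened))
```

The two simulations mirror the report: with the vulnerable handler the opened link deletes bookmark 123, while the hardened handler rejects the GET outright and rejects a forged POST whose token does not match the session, yet still serves the site's own form. The design point is that the owner check alone cannot distinguish an intended action from a forged one, because both arrive with the same cookie; only a secret the foreign page cannot read (the per-session token) makes that distinction.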

Impact

CSRF: an attacker can delete a victim's bookmark by getting the logged-in victim to open a crafted link.

We are processing your report and will contact the sissbruecker/linkding team within 24 hours. 2 months ago
We have contacted a member of the sissbruecker/linkding team and are waiting to hear back 2 months ago
Sascha Ißbrücker validated this vulnerability 2 months ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
Sascha Ißbrücker confirmed that a fix has been merged on eca98a 2 months ago
The fix bounty has been dropped
bookmarks.py#L139-L149 has been validated