CVE-2021-4005: Cross-Site Request Forgery (CSRF) in firefly-iii

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

CVE
#csrf #vulnerability #git

Valid

Reported on

Nov 23rd 2021

Description

CSRF to disable 2FA

Proof of Concept

<a href="http://10.0.2.15/profile/delete-code">CLICK ME!</a>

Impact

This vulnerability is capable of tricking users to disable 2FA.
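As an added defender-side illustration (not firefly-iii code and not part of the original report), the snippet below models the pattern behind the finding: a GET endpoint that disables 2FA on the strength of the session cookie alone, next to the same endpoint with the checks a CSRF middleware would enforce (state change only via POST, Origin comparison, and a per-session synchronizer token compared in constant time). The in-memory session store, the origin `https://money.example`, the form field name `_token`, and all function names are assumptions for the example.

```python
import hmac
import secrets

# Constructed in-memory session store standing in for the framework's session
# middleware: session id -> session data. Not firefly-iii code.
SESSIONS = {}
SITE_ORIGIN = "https://money.example"  # assumed deployment origin


def new_session():
    """Log a user in with 2FA enabled and mint a per-session CSRF token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"mfa_enabled": True, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def vulnerable_delete_code(sid, method="GET", form=None, headers=None):
    """Pattern behind the report: the handler trusts the session cookie alone,
    so any request the browser attaches it to (including a GET triggered by a
    link or image on another site) disables 2FA."""
    SESSIONS[sid]["mfa_enabled"] = False
    return 200


def hardened_delete_code(sid, method="GET", form=None, headers=None):
    """Same endpoint with the checks a CSRF middleware would enforce."""
    form = form or {}
    headers = headers or {}
    session = SESSIONS[sid]

    # 1. State changes only via POST: <a href> and <img src> can only issue GET.
    if method != "POST":
        return 405

    # 2. Defence in depth: a cross-site form post carries the other site's Origin.
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403

    # 3. Synchronizer token: must match the value stored in the victim's session,
    #    which a page on another origin cannot read. Constant-time comparison.
    submitted = form.get("_token", "")
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return 419  # Laravel signals a CSRF token mismatch with HTTP 419

    session["mfa_enabled"] = False
    return 200


def cross_site_get(handler, sid):
    """What a link on a third-party page sends: the browser adds the session
    cookie, but there is no form body and the Origin is the third-party site."""
    return handler(sid, method="GET", headers={"Origin": "https://other.example"})


def same_site_post(handler, sid):
    """A legitimate submission from the application's own settings page."""
    token = SESSIONS[sid]["csrf_token"]
    return handler(sid, method="POST", form={"_token": token},
                   headers={"Origin": SITE_ORIGIN})


if __name__ == "__main__":
    victim = new_session()
    print("vulnerable, cross-site GET ->", cross_site_get(vulnerable_delete_code, victim),
          "mfa_enabled:", SESSIONS[victim]["mfa_enabled"])
    victim = new_session()
    print("hardened, cross-site GET ->", cross_site_get(hardened_delete_code, victim),
          "mfa_enabled:", SESSIONS[victim]["mfa_enabled"])
    print("hardened, legitimate POST ->", same_site_post(hardened_delete_code, victim),
          "mfa_enabled:", SESSIONS[victim]["mfa_enabled"])
```

Rejecting GET is what stops a plain link; the token check is what also stops a hidden auto-submitting form on another origin, and the Origin comparison adds a second line for browsers that send the header. In a Laravel application such as firefly-iii the equivalent fix is to route the action through a non-read method (POST or DELETE) so that the framework's CSRF middleware, which skips GET, HEAD and OPTIONS, actually applies; the 419 status above is the code Laravel returns on a token mismatch.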

We are processing your report and will contact the firefly-iii team within 24 hours. 11 days ago

haxatron

commented 11 days ago

Researcher

My apologies for submitting the reports earlier regarding /debug and /flush. I was under the assumption that /debug and /flush were available only to admin users, as the /flush UI only appeared in the Administration panel.

haxatron

commented 11 days ago

Researcher

With further testing on the application after I made the reports, I discovered another CSRF-unprotected endpoint that allows a state change; the endpoint is the one listed above.

Nice find, that’s an important one to fix. No worries about the other endpoints, keep it up!

James Cole validated this vulnerability 11 days ago

haxatron has been awarded the disclosure bounty

The fix bounty is now up for grabs

Are we able to mark a fix against this report, and we can go ahead and publish the CVE!

Not yet, I completely forgot about it. :D

No worries, take your time! 🤝
