CVE-2021-3957: prevent csrf to flush logs (#2930) · kevinpapst/kimai2@6b49535
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)
@@ -15,6 +15,8 @@ use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Routing\Annotation\Route; use Symfony\Component\Security\Csrf\CsrfToken; use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
/** * @Route(path="/doctor") @@ -56,11 +58,19 @@ public function __construct(string $projectDirectory, string $kernelEnvironment, }
/** * @Route(path="/flush-log", name="doctor_flush_log", methods={"GET"}) * @Route(path="/flush-log/{token}", name="doctor_flush_log", methods={"GET"}) * @Security("is_granted(‘system_configuration’)") */ public function deleteLogfileAction(): Response public function deleteLogfileAction(string $token, CsrfTokenManagerInterface $csrfTokenManager): Response { if (!$csrfTokenManager->isTokenValid(new CsrfToken('doctor.flush_log’, $token))) { $this->flashError(‘action.delete.error’);
return $this->redirectToRoute(‘doctor’); }
$csrfTokenManager->refreshToken($token);
$logfile = $this->getLogFilename();
if (file_exists($logfile)) {
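Review bot: `$csrfTokenManager->refreshToken($token)` on the line after the validity check passes the token *value* where Symfony's `refreshToken(string $tokenId)` expects the token ID, so it appears to mint a fresh token under an unrelated ID while the validated `doctor.flush_log` token stays valid for replay for the rest of the session; it should read `$csrfTokenManager->refreshToken('doctor.flush_log');` to match the ID used in `new CsrfToken('doctor.flush_log', $token)`. The new route also keeps `methods={"GET"}` with the token as a path segment, which puts the CSRF secret into Referer headers, browser history and access logs; a state-changing action like flushing the log is better served by `methods={"POST"}` with the token submitted in the form body, and if the GET form is kept deliberately that trade-off deserves a comment on the `@Route` line. The body of `deleteLogfileAction` continues past the end of the hunk, so whether the deletion branch has any further guard cannot be judged from here.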