Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: 14.3, 13.10.6
Affects Version/s: 2.0 M2
Component/s: Tag, Web - Templates & Resources
Labels:

Difficulty:
Unknown
Documentation:
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fxwr-4vq9-9vhj
Documentation in Release Notes:
N/A
Similar issues:

Description

Steps to reproduce:

Go to <server>/xwiki/bin/view/Main/?xpage=documentTags&xaction=add&ajax=true&tag=foo
Go to <server>/xwiki/bin/view/Main/?xpage=documentTags&xaction=delete&ajax=true&tag=foo

Expected results:

A CSRF token validation failure error is displayed (or some other more generic error).

Actual results:

The tag is added to/deleted from the page.

Note that for adding tags, the CSRF token is actually included in the form but it is not validated on the server.

I have reproduced this issue on 2.6 (and a recent development version) but I think even older versions should be vulnerable.

Attachments

Issue Links

links to

Github Security advisory

Activity

People

Assignee:: Simon Urli

Reporter:: Michael Hamann

Special Allowed Users:: Diana

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22/Mar/22 17:07

Updated:: 08/Sep/22 14:29

Resolved:: 21/Apr/22 15:54

Date of First Response:: 21/Apr/22 3:47 PM