Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-19550

Tags can be added and removed without CSRF token validation

    XMLWordPrintable

Details

    • Unknown
    • N/A

    Description

      Steps to reproduce:

      • Go to <server>/xwiki/bin/view/Main/?xpage=documentTags&xaction=add&ajax=true&tag=foo
      • Go to <server>/xwiki/bin/view/Main/?xpage=documentTags&xaction=delete&ajax=true&tag=foo

      Expected results:

      • A CSRF token validation failure error is displayed (or some other more generic error).

      Actual results:

      • The tag is added to/deleted from the page.

      Note that for adding tags, the CSRF token is actually included in the form but it is not validated on the server.

      I have reproduced this issue on 2.6 (and a recent development version) but I think even older versions should be vulnerable.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-19602 Vulnerability in the XWiki

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          links to

          Web Link Github Security advisory

          Activity

            People

              surli Simon Urli
              MichaelHamann Michael Hamann
              Diana
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: