There is a CSRF (Cross Site Request Forgery) security vulnerability in Kotti when you assign local roles (via the @@share view).
Detail
If admin is an administrator with full permissions, testuser is a common user with only the viewer permission, and admin-document is a document created by admin, then when admin clicks the PoC below, testuser becomes the owner of admin-document (testuser gains full permission on admin-document).
PoC
Advice: Add an anti-CSRF token to the form when generating it, and check the token in the view function before assigning local roles.
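The following is an added, framework-neutral illustration of that advice; it is not Kotti's or Pyramid's own code. The `Session`, `render_share_form` and `share_view` names are assumptions standing in for the real session store and the @@share view. The point it shows: a per-session random token is embedded when the form is generated, and the view refuses any submission whose token is absent or does not match, so a request forged from another origin (which cannot read the victim's token) cannot change local roles.

```python
import hmac
import secrets

# Constructed illustration of the mitigation in the report. Session,
# render_share_form and share_view are assumed names, not Kotti's API.


class Session(dict):
    """Minimal stand-in for a server-side session store."""

    def get_csrf_token(self):
        # Generate one random token per session and reuse it on later
        # renders so several open forms remain valid at the same time.
        if "csrf_token" not in self:
            self["csrf_token"] = secrets.token_urlsafe(32)
        return self["csrf_token"]


def render_share_form(session):
    """Return the hidden field to embed when generating the share form."""
    return {"csrf_token": session.get_csrf_token()}


class CSRFError(Exception):
    """Raised when a state-changing request lacks a valid anti-CSRF token."""


def check_csrf_token(session, submitted):
    """Compare the submitted token with the session's in constant time."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        raise CSRFError("missing anti-CSRF token")
    if not hmac.compare_digest(expected, submitted):
        raise CSRFError("anti-CSRF token mismatch")


def share_view(session, form_data, local_roles):
    """Assumed view that assigns a local role; the token check runs first."""
    check_csrf_token(session, form_data.get("csrf_token"))
    local_roles[form_data["principal"]] = form_data["role"]
    return local_roles


if __name__ == "__main__":
    session = Session()
    roles = {}
    form = render_share_form(session)
    # Legitimate submission carries the token the form was rendered with.
    share_view(session, {**form, "principal": "testuser", "role": "viewer"}, roles)
    print(roles)
    # A forged cross-site request has no way to include the token.
    try:
        share_view(session, {"principal": "testuser", "role": "owner"}, roles)
    except CSRFError as exc:
        print("rejected:", exc)
```

Using `hmac.compare_digest` avoids leaking the token through timing differences, and generating the token from `secrets` keeps it unguessable; both are standard-library calls.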
Tested in Kotti 1.3.1, but Kotti 2.0.0 is also vulnerable.
Disclosed by phoenix.ying@dbappsecurity.com.cn