Security Vulnerability

[mschop]

Hi,

I found a security vulnerability in engelsystem. How shall I provide more details?

Best Regards
mschop

[MyIgel]

Hi @mschop, afaik there is no explicit address for this, so you should write a Message to the contact@engelsystem.de and @msquare will answer you. Afaik he is busy atm so it would be nice if you could include me in the conversation too ;)

[msquare]

Hi, please provide the details per e-mail to contact@engelsystem.de - or directly to me msquare@notrademark.de.

Thank you!

[mschop]

CVE-2018-19182

[MyIgel]

-v?

[mschop]

??

[mschop]

@msquare is the fix already released?

[msquare]

Since the installation is still mostly done by cloning the repository, this may be seen as released, i guess.

[mschop]

@msquare Ok. Thanks. Then I publish the details right now for the CVE.

Those are the details regarding the security vulnerability:

There was no CSRF protection mechnism in engelsystem. This allowed attackers, to slip an user a spoofed request.

[msquare]

Yes, ok. Thank you.