Potential Security Issue #1687
Comments
I don't quite get it. If you found any security issue, you can just report it here as an issue.
Feel free to reopen or open another issue if you disclose the details.
@jackycute - we are currently doing this as many maintainers have asked that reports are kept private, until they can validate the report. I will post the disclosure details here...
✍️ Description
The
🕵️♂️ Proof of Concept
💥 Impact
Private information leakage.
The platform also allows the maintainer to get paid for validating, and confirming patches against advisories. Plus, we mediate and assign CVEs if needed.
Thanks for reporting @JamieSlome. Also, there is no way we can add CSRF for HTTP GET method.
Hey @jackycute, let me put forward the issue in a clearer way. Say that a legitimate user is logged on to their account, and he visits a malicious page at attacker.com with this content.
A normal user, who doesn't know what has happened, will definitely fall into this attack since he has never requested a file download from codemd.
You could add a CSRF token to the link before the download is initiated. This would prevent an attacker from initiating downloads from the server.
This is more like a phishing attack than a CSRF issue. Since download all notes should be safe, we can consider changing
Yeah. You are right. That would be a good fix for this. Can you consider marking this disclosure verified here as well? /cc @JamieSlome
I would love to, can you modify the vulnerability to reflect what we've discussed here? It's potential phishing of user data and the severity should be lower in my opinion.
I have updated the write-up as well as the CVSS score. Please let me know if you would like to suggest any changes.
Is this security issue still relevant? I don't know if a fix has been implemented?
👋 Hello, we've received a report for a potential high severity security issue in your repository.
Next Steps
1️⃣ Visit https://huntr.dev/bounties/1-other-hackmdio/codimd for more advisory information.
2️⃣ Sign up to validate or speak to the researcher for more assistance.
3️⃣ Propose a patch or outsource it to our community.
Confused or need more help?
Join us on our Discord and a member of our team will be happy to help! 🤗
Speak to a member of our team: @JamieSlome
This issue was automatically generated by huntr.dev - a bug bounty board for securing open source code.