
Authenticated CSRF in Delete Campaign / Contact #3486

Closed
tgianko opened this issue Feb 21, 2017 · 5 comments
Labels
bug Issues or PR's relating to bugs pending-feedback PR's and issues that are awaiting feedback from the author

Comments


tgianko commented Feb 21, 2017

What type of report is this:

| Q                | A |
|------------------|---|
| Bug report?      | Y |
| Feature request? |   |
| Enhancement?     |   |

Description:

Mautic suffers from authenticated CSRF in which an attacker can trick a user/admin to delete campaigns or contacts. These two operations are not protected with an anti-CSRF token. Other operations, e.g., adding contacts/campaigns are protected.

If a bug:

| Q              | A                                          |
|----------------|--------------------------------------------|
| Mautic version | 1.4.1 (as taken from Bitnami appliances)   |
| PHP version    |                                            |

Steps to reproduce:

  1. Get valid user session cookies and an ID of a campaign (or a contact)
  2. Do a POST request (including the above cookies) to
    • s/campaigns/delete/{ID}
    • s/contacts/delete/{ID}?mauticUserLastActive=1

Replace {ID} with the ID of step 1.

Log errors:

N.A.
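An added example, not Mautic's code and not from the reporter: it contrasts the handler shape the report describes (any authenticated POST deletes) with the same handler guarded by a per-session synchronizer token, the protection the report notes the add operations already have. The dict-based session/store, the `_csrf_token` field name and the ids are assumptions constructed for the demo.

```python
import hmac
import secrets

# Hypothetical form field carrying the token; not the field name Mautic uses.
TOKEN_FIELD = "_csrf_token"


def issue_token(session: dict) -> str:
    """Mint one random token per session and keep it server-side; the legitimate
    delete form embeds it, and a cross-site page cannot read it."""
    if TOKEN_FIELD not in session:
        session[TOKEN_FIELD] = secrets.token_urlsafe(32)
    return session[TOKEN_FIELD]


def delete_unprotected(session: dict, params: dict, store: dict, obj_id: str) -> int:
    """Shape described in the report: a valid session cookie alone authorises the
    delete, so a forged cross-site POST (cookie attached by the browser) succeeds."""
    if not session.get("user"):
        return 401
    return 200 if store.pop(obj_id, None) is not None else 404


def delete_protected(session: dict, params: dict, store: dict, obj_id: str) -> int:
    """Same handler with a synchronizer-token check before the side effect."""
    if not session.get("user"):
        return 401
    expected = session.get(TOKEN_FIELD)
    supplied = params.get(TOKEN_FIELD, "")
    # Constant-time compare; an absent or mismatched token is rejected outright.
    if not expected or not hmac.compare_digest(expected, supplied):
        return 403
    return 200 if store.pop(obj_id, None) is not None else 404


def simulate(forged: bool, protected: bool) -> tuple:
    """Constructed scenario: logged-in admin with one campaign (id "7") who has
    already loaded a form, so a token exists in the session. A forged request
    carries the session but not the token. Returns (status, remaining ids)."""
    session = {"user": "admin"}
    store = {"7": "campaign"}
    token = issue_token(session)
    params = {} if forged else {TOKEN_FIELD: token}
    handler = delete_protected if protected else delete_unprotected
    status = handler(session, params, store, "7")
    return status, sorted(store)


if __name__ == "__main__":
    for forged, protected in [(True, False), (True, True), (False, True)]:
        print(f"forged={forged} protected={protected} -> {simulate(forged, protected)}")
```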


tgianko commented Feb 27, 2017

Hi everybody,

Did you have a look into this?

@dbhurley (Member) commented

Are you still experiencing this in 2.11?

@dbhurley dbhurley added bug Issues or PR's relating to bugs pending-feedback PR's and issues that are awaiting feedback from the author labels Nov 28, 2017
@OS-WS

OS-WS commented Jan 26, 2021

Hi, did you fix CVE-2017-8874?
If so, in what commit?

Thanks in advance!

@RCheesley (Sponsor Member) commented

@OrenSavichWS that was a very long time ago and the documentation was not all that great back then. I would recommend looking at the releases since 1.4.1 and then looking at the PRs if you need to find the specific commit, which you can do from here.

@OS-WS

OS-WS commented Jan 26, 2021

@RCheesley I tried that but couldn't find the right commit/PR.
