Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2020-23588: GitHub - huzaifahussain98/CVE-2020-23588: CSRF attack leads to "Enable or Disable Ports" and to "Change port numbers

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to "Enable or Disable Ports" and to "Change port number" through " /rmtacc.asp ".

CVE
#csrf#vulnerability#web#git#auth
CVE-2020-23586: GitHub - huzaifahussain98/CVE-2020-23586: CSRF allows to Add Network Traffic Control Type Rule

A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Add Network Traffic Control Type Rule.

CVE-2020-23585: GitHub - huzaifahussain98/CVE-2020-23585: cross-site request forgery (CSRF) attack on "OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028".

A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the "mgm_config_file.asp" because of which attacker can create a crafted "csrf form" which sends " malicious xml data" to "/boaform/admin/formMgmConfigUpload". the exploit allows attacker to "gain full privileges" and to "fully compromise of router & network".

CVE-2020-23593: GitHub - huzaifahussain98/CVE-2020-23593: INFORMATION DISCLOSURE :CSRF to enable syslog mode and send to remote syslog server IP and Port.

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to enable syslog mode through ' /mgm_log_cfg.asp.' The system starts to log events, 'Remote' mode or 'Both' mode on "Syslog -- Configuration page" logs events and sends to remote syslog server IP and Port.

CVE-2022-41919: Merge pull request from GHSA-3fjj-p79j-c9hh · fastify/fastify@62dde76

Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect `Content-Type` to bypass the `Pre-Flight` checking of `fetch`. `fetch()` requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could potentially be used to invoke routes that only accepts `application/json` content type, thus bypassing any CORS protection, and therefore they could lead to a Cross-Site Request Forgery attack. This issue has been patched in version 4.10.2 and 3.29.4. As a workaround, implement Cross-Site Request Forgery protection using `@fastify/csrf'.

CVE-2022-44737: WordPress All In One WP Security plugin <= 5.1.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities - Patchstack

Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress.

CVE-2022-44788: Maggioli Appalti & Contratti, Multiple Vulnerabilities - BackBox.org Membership

An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs in providing a JSESSIONID cookie that is issued by the server at the first visit, the cookie value is not updated after a successful login.

GHSA-mq7h-5574-hw9f: Cross-Site Request Forgery (CSRF) allowing to delete or rename tags

### Impact It's possible with a simple request to perform deletion or renaming of tags without needing any confirmation, by using a CSRF attack. ### Patches The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. ### Workarounds It's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get('form_token'))) #set ($discard = $response.sendError(401, "Wrong CSRF token")) #end ``` See the commit with the fix for more information about patching the page: https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e ### References * https://jira.xwiki.org/browse/XWIKI-19748 * https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e ### For more information If you have any questions or comments about this advisory: * Open an issue in [JIRA](https://jira.xwiki.org) * Ema...

GHSA-qccm-wmcq-pwr6: Tailscale daemon is vulnerable to information disclosure via CSRF

A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. **Affected platforms:** All **Patched Tailscale client versions:** v1.32.3 or later, v1.33.257 or later (unstable) ### What happened? In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the node to rebind DNS for the peer API to an attacker-controlled DNS server, and then making peer API requests in the client, including accessing the node’s Tailscale environment variables. ### Who is affected? All Tailscale clients prior to version v.1.32.3 are affected. ### What should I do? Upgrade to v1.32.3 or later to remediate the issue. ### What is the impact? An attacker with access to the peer API on a node could use that access to read the node’s environment variables, including any credentials or secrets stored in environment variables. This may in...

GHSA-vqp6-rc3h-83cp: Tailscale Windows daemon is vulnerable to RCE via CSRF

A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. **Affected platforms:** Windows **Patched Tailscale client versions:** v1.32.3 or later, v1.33.257 or later (unstable) ### What happened? In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. ### Who is affected? All Windows clients prior to version v.1.32.3 are affected. ### What should I do? If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue. ### What is the impact? An attacker-controlled coo...