Add CSRF token to mitigate vulnerability in download story route

Created on 16 June 2024

Replicated security issue that was agreed to be moved to public.
To be replicated on 4.0.x and 5.0.x branches.

This module has a CSRF vulnerability.

You can see this vulnerability by:
1. Enabling the module
2. Configure the Shorthand token
3. Visit /admin/content/shorthand
4. Note the 'Download story' links

These links don't include a CSRF token but perform an action.

In theory a malicious user who knew a story ID could trick an admin user into visiting a carefully crafted URL (e.g. via an img tag) and trigger a story download.

Given story IDs need to be known ahead of time, this can most likely be handled in public.

Proposed resolution: Add _csrf_token to the route
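The following is an added example of what the proposed fix looks like in a Drupal 10 module; it is not the Shorthand module's own code. The route name shorthand.download_story, the {story_id} parameter, the controller class and the shorthand.admin_list redirect target are assumptions for illustration. It shows the two halves that have to go together: the _csrf_token requirement on the route (which makes core's CsrfAccessCheck reject any request whose token query parameter does not validate for the current session) and generating the 'Download story' link through the routing system so that RouteProcessorCsrf appends a valid token to the href.

```php
<?php
// Added example, not the Shorthand module's code. Route name, parameter
// name, controller class and redirect target are assumed for illustration.
//
// 1. Route definition in shorthand.routing.yml (YAML, reproduced as a comment):
//
//   shorthand.download_story:
//     path: '/admin/content/shorthand/download/{story_id}'
//     defaults:
//       _controller: '\Drupal\shorthand\Controller\ShorthandController::downloadStory'
//       _title: 'Download story'
//     requirements:
//       _permission: 'administer shorthand'
//       _csrf_token: 'TRUE'
//
// With `_csrf_token: 'TRUE'` in `requirements`, core's
// \Drupal\Core\Access\CsrfAccessCheck validates the `token` query parameter
// against the session-bound CSRF seed and the route path, so a URL pasted into
// an <img src> by an attacker (who has no way to learn the victim's token)
// is denied before the controller runs.

namespace Drupal\shorthand\Controller;

use Drupal\Core\Controller\ControllerBase;
use Drupal\Core\Link;
use Drupal\Core\Url;
use Symfony\Component\HttpFoundation\RedirectResponse;

class ShorthandController extends ControllerBase {

  /**
   * Builds one 'Download story' link for the listing at /admin/content/shorthand.
   *
   * 2. The link MUST be generated from the route, not concatenated as a string.
   * Because the route carries the _csrf_token requirement, core's
   * RouteProcessorCsrf appends ?token=<per-session value> when this URL is
   * rendered, e.g. /admin/content/shorthand/download/123?token=abc...
   * A hand-built href such as "/admin/content/shorthand/download/$story_id"
   * would render without the token and every click would be denied.
   */
  public function downloadLink(string $story_id): array {
    $url = Url::fromRoute('shorthand.download_story', ['story_id' => $story_id]);
    return Link::fromTextAndUrl($this->t('Download story'), $url)->toRenderable();
  }

  /**
   * Controller for the download action.
   *
   * By the time this method executes, CsrfAccessCheck has already accepted
   * the token; no manual validation is needed here. The module's actual
   * download logic is not shown on the issue page and is left out.
   */
  public function downloadStory(string $story_id): RedirectResponse {
    // ... fetch and store the story identified by $story_id (module code) ...
    $this->messenger()->addStatus($this->t('Story @id downloaded.', ['@id' => $story_id]));
    // Assumed route name for the listing page the link lives on.
    return $this->redirect('shorthand.admin_list');
  }

}
```

Two things a reviewer would check after applying this: first, that every place the link is emitted (the admin listing, any Views field or template) goes through Url::fromRoute()/Link so the token is actually present, since the requirement alone only turns a working link into a denied one; second, that the action remains a GET with side effects, which is the pattern core itself uses for token-protected admin action links, but means the token is the only thing standing between a crafted URL and the action, so the route must not be reachable through any path that lacks the requirement.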

πŸ› Bug report
Status

Fixed

Version

4.0

Component

Code

Created by

πŸ‡¦πŸ‡ΊAustralia VladimirAus Brisbane, Australia
