Open
Bug 1120074
Opened 9 years ago
Updated 9 years ago
Bugzilla doesn't prevent local links to be used to log in
Categories
(Bugzilla :: User Accounts, defect)
Tracking
()
UNCONFIRMED
People
(Reporter: netfuzzerr, Unassigned)
Details
Attachments
(1 file)
233 bytes,
text/html
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2267.0 Safari/537.36 Steps to reproduce: Hi, Csrf in login still possible if a user clicks on a link which is hosted in bugzilla mains domain then while doing the login the page will check the 'referer' header. Reproduce: 1. go to https://landfill.bugzilla.org/bugzilla-tip/show_bug.cgi?id=24457 while YOU ARE NOT LOGGED IN LANDFILL 2. after that, click in the link on the bug's title. 3. noticed that you're now logged in landfill. Cheers,
Comment 1•9 years ago
|
||
This is not a cross-site vulnerability as the link you click must belong to the same domain as Bugzilla itself. This isn't a security bug either as we explicitly whitelist local URLs: # Else falls back to the Referer header and accept local URLs.
Assignee: general → user-accounts
Group: bugzilla-security
Severity: normal → minor
Component: Bugzilla-General → User Accounts
Summary: csrf login still possible if clicked from a bug → Bugzilla doesn't prevent local links to be used to log in
Reporter | ||
Comment 2•9 years ago
|
||
Updates?
Comment 3•9 years ago
|
||
(In reply to Mario Gomes from comment #2) > Updates? Updates on what exactly? Do you have a specific question? Generally speaking: Nothing has happened here yet, otherwise it would be written in this task. :)
Comment hidden (spam) |
You need to log in
before you can comment on or make changes to this bug.
Description
•