Open
Bug 1120074
Opened 11 years ago
Updated 10 years ago
Bugzilla doesn't prevent local links to be used to log in
Categories
(Bugzilla :: User Accounts, defect)
Tracking
()
UNCONFIRMED
People
(Reporter: netfuzzerr, Unassigned)
Details
Attachments
(1 file)
|
233 bytes,
text/html
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2267.0 Safari/537.36
Steps to reproduce:
Hi,
Csrf in login still possible if a user clicks on a link which is hosted in bugzilla mains domain then while doing the login the page will check the 'referer' header.
Reproduce:
1. go to https://landfill.bugzilla.org/bugzilla-tip/show_bug.cgi?id=24457 while YOU ARE NOT LOGGED IN LANDFILL
2. after that, click in the link on the bug's title.
3. noticed that you're now logged in landfill.
Cheers,
|
||
Comment 1•11 years ago
|
||
This is not a cross-site vulnerability as the link you click must belong to the same domain as Bugzilla itself. This isn't a security bug either as we explicitly whitelist local URLs:
# Else falls back to the Referer header and accept local URLs.
Assignee: general → user-accounts
Group: bugzilla-security
Severity: normal → minor
Component: Bugzilla-General → User Accounts
Summary: csrf login still possible if clicked from a bug → Bugzilla doesn't prevent local links to be used to log in
|
Reporter | |
Comment 2•10 years ago
|
||
Updates?
|
||
Comment 3•10 years ago
|
||
(In reply to Mario Gomes from comment #2)
> Updates?
Updates on what exactly? Do you have a specific question? Generally speaking: Nothing has happened here yet, otherwise it would be written in this task. :)
You need to log in
before you can comment on or make changes to this bug.
Description
•