User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2267.0 Safari/537.36

Steps to reproduce:

Hi,

CSRF in login is still possible if a user clicks on a link which is hosted on Bugzilla's main domain; then, while doing the login, the page will check the 'Referer' header.

Reproduce:
1. Go to https://landfill.bugzilla.org/bugzilla-tip/show_bug.cgi?id=24457 while YOU ARE NOT LOGGED IN TO LANDFILL.
2. After that, click on the link in the bug's title.
3. Notice that you're now logged in to landfill.

Cheers,
This is not a cross-site vulnerability as the link you click must belong to the same domain as Bugzilla itself. This isn't a security bug either as we explicitly whitelist local URLs:

    # Else falls back to the Referer header and accept local URLs.
Assignee: general → user-accounts
Severity: normal → minor
Component: Bugzilla-General → User Accounts
Summary: csrf login still possible if clicked from a bug → Bugzilla doesn't prevent local links to be used to log in
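The check discussed in the comments above, sketched as an added example (not Bugzilla's own code): a login request is validated by a token and cookie pair when both are present, and otherwise by a Referer fallback that accepts local URLs. `URLBASE`, the function names and the sample requests are constructed assumptions; the `allow_referer_fallback` switch is hypothetical and only shows how the outcome changes when the fallback is off.

```python
import hmac
from urllib.parse import urlsplit

URLBASE = "https://bugzilla.example/"  # constructed install URL (assumption)

def _origin(url):
    """Return (scheme, host, port) for an absolute http(s) URL, else None."""
    parts = urlsplit(url or "")
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return (parts.scheme, parts.hostname.lower(), port)

def login_request_allowed(token, cookie, referer, allow_referer_fallback=True):
    """Decide whether a login request may proceed.

    1. If both the form token and its cookie are present, they must match.
    2. Otherwise fall back to the Referer header and accept local URLs
       (the behaviour this bug describes), unless the fallback is disabled.
    """
    if token and cookie:
        return hmac.compare_digest(token, cookie)
    if not allow_referer_fallback:
        return False
    origin = _origin(referer)
    return origin is not None and origin == _origin(URLBASE)

# Constructed requests: (description, token, cookie, Referer header)
SAMPLES = [
    ("login form with token", "t0k3n", "t0k3n", URLBASE + "index.cgi"),
    ("link on a local bug page", None, None, URLBASE + "show_bug.cgi?id=1"),
    ("link on another site", None, None, "https://other.example/page"),
    ("no Referer sent", None, None, None),
]

def evaluate(allow_referer_fallback):
    """Map each sample description to the accept/reject decision."""
    return {d: login_request_allowed(t, c, r, allow_referer_fallback)
            for d, t, c, r in SAMPLES}

if __name__ == "__main__":
    for mode in (True, False):
        print("referer fallback enabled:", mode)
        for desc, ok in evaluate(mode).items():
            print(f"  {desc:26} -> {'accepted' if ok else 'rejected'}")
```

With the fallback enabled, the only token-less request accepted is the one whose Referer is a local page, which is the case the retitled summary describes.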
(In reply to Mario Gomes from comment #2)
> Updates?

Updates on what exactly? Do you have a specific question? Generally speaking: Nothing has happened here yet, otherwise it would be written in this task. :)