Column changing lacks CSRF protection

RESOLVED FIXED in Bugzilla 4.0

Status: RESOLVED FIXED
Product: Bugzilla
Component: Query/Bug List
Priority: --
Severity: minor
Reported: 7 years ago
Modified: 7 years ago

People: Reporter: reed, Assigned: Frédéric Buclin

Tracking: Version: 3.6.3, Target Milestone: Bugzilla 4.0
Bug Flags: approval+, approval4.0+, blocking4.0+

Whiteboard: [infrasec:csrf][ws:low]

Attachments: 1 attachment

Description (Reporter, 7 years ago)
colchange.cgi doesn't have any CSRF protection.

I'm not sure it really needs it, does it? As attacks go, changing the columns on my buglists is hardly serious.

Gerv
Comment 2 (Reporter, 7 years ago)
I agree it's not serious at all, but adding the tokenization wouldn't hurt anything, so why not.
Whiteboard: [infrasec:csrf][ws:moderate] → [infrasec:csrf][ws:low]
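As an added illustration, not this bug's patch and not Bugzilla's own Perl code: a sketch of the per-session, per-action token check the comments above refer to, in Python. The function names, the "change-columns" action label and the session ids are assumptions made for the example; the unprotected handler is shown beside the tokenized one.

```python
import hashlib
import hmac
import secrets

# Constructed for this example: a server-side secret that never reaches the browser.
SERVER_SECRET = secrets.token_bytes(32)


def issue_token(session_id: str, action: str, secret: bytes = SERVER_SECRET) -> str:
    """Token emitted as a hidden field when the form (here the change-columns
    template) is rendered. Binding it to the session AND the action means a
    token captured from one form cannot be replayed against another."""
    msg = f"{session_id}\0{action}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def check_token(session_id: str, action: str, submitted, secret: bytes = SERVER_SECRET) -> bool:
    """Server-side check run before any state change is applied."""
    if not submitted:
        return False
    expected = issue_token(session_id, action, secret)
    # Constant-time comparison so timing does not leak the expected value.
    return hmac.compare_digest(expected, submitted)


def parse_columns(form: dict) -> list:
    return [c for c in form.get("columns", "").split(",") if c]


def change_columns_unprotected(session_id: str, form: dict):
    """The 'before' shape: any request carrying the user's session cookie,
    including one a third-party page made the browser send, is honoured."""
    return parse_columns(form)


def change_columns(session_id: str, form: dict):
    """Hardened handler: applies the change only when the token in the form
    matches the one issued to this session for this action; otherwise None."""
    if not check_token(session_id, "change-columns", form.get("token")):
        return None  # treat as a likely cross-site forgery and do nothing
    return parse_columns(form)
```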
Comment 3 (Assignee, 7 years ago)
I'm not even sure I would qualify this as a security bug. My vote to retarget this bug to 3.6.
Updated (Assignee, 7 years ago)
Assignee: query-and-buglist → LpSolit
Comment 4 (Assignee, 7 years ago)
Created attachment 499883 [details] [diff] [review]
patch, v1

IMO not a security bug, but the fix is trivial.
Attachment #499883 - Flags: review?(mkanat)
Updated (Assignee, 7 years ago)
Attachment #499883 - Flags: review?(mkanat) → review?(dkl)
Updated (Reporter, 7 years ago)
Blocks: 620540

Comment on attachment 499883 [details] [diff] [review]
patch, v1

Looks good and works as expected. r=dkl
Attachment #499883 - Flags: review?(dkl) → review+

Updated (7 years ago)
Flags: approval?
Flags: approval4.0?

Comment 6 (7 years ago)
Agreed, not a security issue that needs to be kept confidential.
Group: bugzilla-security
Flags: blocking4.0+
Target Milestone: Bugzilla 3.2 → Bugzilla 4.0

Updated (7 years ago)
Flags: approval?
Flags: approval4.0?
Flags: approval4.0+
Flags: approval+
Summary: [SECURITY] Column changing lacks CSRF protection → Column changing lacks CSRF protection
Comment 7 (Assignee, 7 years ago)
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/
modified colchange.cgi
modified template/en/default/list/change-columns.html.tmpl
Committed revision 7662.

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.0/
modified colchange.cgi
modified template/en/default/list/change-columns.html.tmpl
Committed revision 7520.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED