Closed Bug 621109 Opened 13 years ago Closed 13 years ago

Column changing lacks CSRF protection

Categories

(Bugzilla :: Query/Bug List, defect)

3.6.3
defect
Not set
minor

Tracking

RESOLVED FIXED
Bugzilla 4.0

People

(Reporter: reed, Assigned: LpSolit)

References

Details

(Whiteboard: [infrasec:csrf][ws:low])

Attachments

(1 file)

colchange.cgi doesn't have any CSRF protection.
I'm not sure it really needs it, does it? As attacks go, changing the columns on my buglists is hardly serious.

Gerv
I agree it's not serious at all, but adding the tokenization wouldn't hurt anything, so why not.
Whiteboard: [infrasec:csrf][ws:moderate] → [infrasec:csrf][ws:low]
I'm not even sure I would qualify this as a security bug. My vote to retarget this bug to 3.6.
Assignee: query-and-buglist → LpSolit
Attached patch patch, v1
IMO not a security bug, but the fix is trivial.
Attachment #499883 - Flags: review?(mkanat)
Attachment #499883 - Flags: review?(mkanat) → review?(dkl)
Blocks: 620540
Comment on attachment 499883 [details] [diff] [review]
patch, v1

Looks good and works as expected. r=dkl
Attachment #499883 - Flags: review?(dkl) → review+
Flags: approval?
Flags: approval4.0?
Agreed, not a security issue that needs to be kept confidential.
Group: bugzilla-security
Flags: blocking4.0+
Target Milestone: Bugzilla 3.2 → Bugzilla 4.0
Flags: approval?
Flags: approval4.0?
Flags: approval4.0+
Flags: approval+
Summary: [SECURITY] Column changing lacks CSRF protection → Column changing lacks CSRF protection
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/
modified colchange.cgi
modified template/en/default/list/change-columns.html.tmpl
Committed revision 7662.

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.0/
modified colchange.cgi
modified template/en/default/list/change-columns.html.tmpl
Committed revision 7520.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
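The fix above adds a session token to the change-columns form and checks it in colchange.cgi before saving the new column list. The following is an added illustration of that pattern, not Bugzilla's code or the patch itself: a stand-in for a state-changing CGI that issues a random, single-use token bound to the session and the action, and rejects any submission that arrives without it (the cross-site GET an attacker would forge) or with a token issued for another session, another action, or one already consumed. The handler name, the in-memory token store and the column names are assumptions made for the example.

```python
"""CSRF token check for a state-changing CGI, in the style of colchange.cgi.

Illustration only: this is not Bugzilla code. Bugzilla keeps its session
tokens in a database table; here a module-level dict stands in for it.
"""
import secrets
from urllib.parse import parse_qs

# Outstanding tokens: token -> (session_id, action). Assumed store for the example.
_TOKENS = {}

ACTION = "change_columns"  # assumed action name the token is bound to


def issue_session_token(session_id, action):
    """Mint a random token tied to one session and one action."""
    token = secrets.token_urlsafe(24)
    _TOKENS[token] = (session_id, action)
    return token


def check_token(token, session_id, action):
    """Consume the token and accept it only if it is outstanding and bound
    to this session and this action. Consuming it first makes it single-use,
    so a replayed form submission is rejected."""
    if not token:
        return False
    record = _TOKENS.pop(token, None)
    if record is None:
        return False
    stored_session, stored_action = record
    return stored_session == session_id and stored_action == action


def handle_colchange(query_string, session_id, saved_columns):
    """Stand-in for colchange.cgi (assumed behaviour, not the real script).

    Without a 'columnlist' parameter the script renders the form and issues a
    token for it. With 'columnlist' it is a state change and must carry a
    valid token, otherwise the stored columns are left untouched.

    Returns (status, token_for_form_or_None, columns_now_saved).
    """
    params = {k: v[0] for k, v in parse_qs(query_string).items()}
    if "columnlist" not in params:
        return "form", issue_session_token(session_id, ACTION), list(saved_columns)
    if not check_token(params.get("token"), session_id, ACTION):
        # A forged cross-site request never carries a token the victim's
        # session issued, so it lands here and changes nothing.
        return "rejected", None, list(saved_columns)
    saved_columns[:] = [c for c in params["columnlist"].split(",") if c]
    return "saved", None, list(saved_columns)


if __name__ == "__main__":
    # Constructed walk-through: forged request, legitimate flow, replay.
    columns = ["bug_status", "short_desc"]
    print(handle_colchange("columnlist=priority", "sess-A", columns))        # rejected
    status, tok, _ = handle_colchange("", "sess-A", columns)                 # form + token
    print(handle_colchange(f"columnlist=priority,short_desc&token={tok}",
                           "sess-A", columns))                                # saved
    print(handle_colchange(f"columnlist=priority&token={tok}",
                           "sess-A", columns))                                # rejected (replay)
```

The check is deliberately tied to the action as well as the session: a token handed out for a harmless form should not be usable to authorise a different state change elsewhere in the application.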