colchange.cgi doesn't have any CSRF protection.
I'm not sure it really needs it, does it? As attacks go, changing the columns on my buglists is hardly serious. Gerv
I agree it's not serious at all, but adding the tokenization wouldn't hurt anything, so why not.
Whiteboard: [infrasec:csrf][ws:moderate] → [infrasec:csrf][ws:low]
I'm not even sure I would qualify this a security bug. My vote to retarget this bug to 3.6.
IMO not a security bug, but the fix is trivial.
Attachment #499883 - Flags: review?(mkanat)
Attachment #499883 - Flags: review?(mkanat) → review?(dkl)
Comment on attachment 499883 [details] [diff] [review] patch, v1 Looks good and works as expected. r=dkl
Attachment #499883 - Flags: review?(dkl) → review+
Agreed, not a security issue that needs to be kept confidential.
Target Milestone: Bugzilla 3.2 → Bugzilla 4.0
Summary: [SECURITY] Column changing lacks CSRF protection → Column changing lacks CSRF protection
Committing to: bzr+ssh://firstname.lastname@example.org/bugzilla/trunk/
modified colchange.cgi
modified template/en/default/list/change-columns.html.tmpl
Committed revision 7662.

Committing to: bzr+ssh://email@example.com/bugzilla/4.0/
modified colchange.cgi
modified template/en/default/list/change-columns.html.tmpl
Committed revision 7520.
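The "tokenization" the thread refers to is the standard fix for a state-changing form that lacks CSRF protection: the page that renders the form embeds a token only the legitimate user can obtain, and the handler rejects any request that does not present it. The following is an added illustration in Python and not Bugzilla's own code or the attached patch; the secret, the session id, the action name and the `change_columns` handlers are all constructed for the example. It shows the unprotected handler beside the protected one so the difference in behaviour under a cross-site POST is visible.

```python
import hashlib
import hmac
from typing import Optional

# Constructed server-side secret for this example. A real deployment loads it
# from configuration and never sends it to the client.
SERVER_SECRET = b"constructed-example-secret-do-not-use"


def issue_token(session_id: str, action: str) -> str:
    """Return a CSRF token bound to one session and one action.

    The token is an HMAC over (session, action), so the server stores nothing:
    it recomputes the token on verification. A page on another origin cannot
    produce it because it knows neither SERVER_SECRET nor the victim's session id.
    """
    msg = f"{session_id}:{action}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def render_form(session_id: str) -> str:
    """Hypothetical template output: the token travels as a hidden field."""
    token = issue_token(session_id, "change_columns")
    return (
        '<form method="post" action="colchange.cgi">'
        f'<input type="hidden" name="token" value="{token}">'
        '<input name="columns"><input type="submit"></form>'
    )


def verify_token(session_id: str, action: str, presented: Optional[str]) -> bool:
    """Constant-time comparison so the check does not leak via timing."""
    if not presented:
        return False
    expected = issue_token(session_id, action)
    return hmac.compare_digest(expected, presented)


def change_columns(session_id: str, form: dict) -> dict:
    """Unprotected handler: any POST carrying 'columns' is honoured,
    including one submitted by a page on a different origin."""
    return {"status": "ok", "columns": form["columns"].split(",")}


def change_columns_protected(session_id: str, form: dict) -> dict:
    """Protected handler: the same change, but only with a valid token."""
    if not verify_token(session_id, "change_columns", form.get("token")):
        return {"status": "rejected", "reason": "missing or invalid token"}
    return change_columns(session_id, form)
```

Binding the token to the action name means a token harvested from one form cannot be replayed against a different handler, and binding it to the session means it expires with the login. Rendering the token via `render_form` and checking it in the handler are the two halves of the patch described in the thread.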
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED