You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 3, 2022. It is now read-only.
CSRF vulnerability:
In some very specific circumstances, an attacker would be able to update your settings.
Basically you would need to navigate to hackersite.com while logged into our panel. Then they could modify your settings. They couldn't check if it worked, nor could they read your settings.
Patches
As of v1.1.1 this has been patched by implementing the Double submit pattern using a cookie.
Impact
CSRF vulnerability:
In some very specific circumstances, an attacker would be able to update your settings.
Basically you would need to navigate to hackersite.com while logged into our panel. Then they could modify your settings. They couldn't check if it worked, nor could they read your settings.
Patches
As of v1.1.1 this has been patched by implementing the Double submit pattern using a cookie.
References
https://owasp.org/www-community/attacks/csrf
https://www.barracuda.com/glossary/csrf
Double submit: https://medium.com/cross-site-request-forgery-csrf/double-submit-cookie-pattern-65bb71d80d9f
For more information
If you have any questions or comments about this advisory: