ID H1:223329 Type hackerone Reporter japz Modified 2017-05-17T14:20:15
Description
Hi Team,
This is low risk, but I want you to know that logout on the domain demo.weblate.org does not protect the logout form with a CSRF token; therefore I can log out any user by sending this URL: https://demo.webplate.org/accounts/logout/.
Logout should use the POST method with a valid CSRF token.
Let me know if you need more info.
Regards
Japz
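The issue above in runnable form, as an added example that is not Weblate's code and not part of the original report. The first handler behaves the way the report describes: any request that carries the session cookie, including a GET triggered from another origin by an `<img src="https://demo.weblate.org/accounts/logout/">`, ends the session. The second handler only logs out on a POST whose form carries the per-session CSRF token, which a cross-site page cannot read. `Session`, `Request`, `csrfmiddlewaretoken` and the helper names are assumptions for the demo (the field name mirrors Django's convention, which Weblate builds on, but no Django code is used).

```python
"""Logout CSRF: the reported behaviour beside a hardened handler.

Added example, not Weblate's code. Session/Request are stand-ins for a
framework's objects so the example runs offline.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional


@dataclass
class Session:
    """Server-side session bound to the browser's cookie."""
    user: Optional[str] = None
    # Per-session secret; only pages served by this site can embed it.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


@dataclass
class Request:
    method: str
    session: Session           # the browser attached its cookie automatically
    form: Dict[str, str] = field(default_factory=dict)


def logout_vulnerable(request: Request) -> int:
    """As reported: any method, no token check. Returns an HTTP status."""
    request.session.user = None
    return 302


def logout_hardened(request: Request) -> int:
    """Logout only on POST with a token matching the session's token."""
    if request.method != "POST":
        return 405  # GET (img/link/redirect) can no longer log anyone out
    submitted = request.form.get("csrfmiddlewaretoken", "")
    # Constant-time compare; a forged request has no way to learn the token.
    if not hmac.compare_digest(submitted, request.session.csrf_token):
        return 403
    request.session.user = None
    return 302


Handler = Callable[[Request], int]


def attacker_img_tag(session: Session, handler: Handler) -> int:
    """<img src=".../accounts/logout/"> on a third-party page: a GET with cookies."""
    return handler(Request("GET", session))


def attacker_auto_form(session: Session, handler: Handler) -> int:
    """Auto-submitted cross-site POST: cookies are sent, but the token is unknown."""
    return handler(Request("POST", session, {"csrfmiddlewaretoken": "guess"}))


def legitimate_logout(session: Session, handler: Handler) -> int:
    """The site's own logout form, rendered with the session's token."""
    return handler(Request("POST", session,
                           {"csrfmiddlewaretoken": session.csrf_token}))


def demo() -> Dict[str, bool]:
    """Returns, per scenario, whether the user was still logged in afterwards."""
    results = {}
    for name, attack in (("img_vulnerable", attacker_img_tag),
                         ("form_vulnerable", attacker_auto_form)):
        s = Session(user="alice")
        attack(s, logout_vulnerable)
        results[name] = s.user is not None
    for name, attack in (("img_hardened", attacker_img_tag),
                         ("form_hardened", attacker_auto_form)):
        s = Session(user="alice")
        attack(s, logout_hardened)
        results[name] = s.user is not None
    s = Session(user="alice")
    legitimate_logout(s, logout_hardened)
    results["legit_hardened"] = s.user is not None
    return results


if __name__ == "__main__":
    for scenario, still_logged_in in demo().items():
        print(f"{scenario}: still logged in = {still_logged_in}")
```

In a real Django deployment the same effect comes from `@require_POST` plus `CsrfViewMiddleware` (with `{% csrf_token %}` in the logout form) rather than hand-rolled checks; Django's own `LogoutView` deprecated GET logout in 4.1 and removed it in 5.0. Weblate's actual fix is not shown here.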
Title Weblate: Logout CSRF
Published 2017-04-24T09:08:31
Report https://hackerone.com/reports/223329
Team https://hackerone.com/weblate
Bounty 0.0 State resolved
CVSS none CVEs none