OSV: GHSA-HH7M-RX4F-4VPV
History: Jan 11, 2021 - 8:38 p.m.

CSRF can expose users' authentication token

Published 2021-01-11 20:38:28 by Google (osv.dev)

EPSS: 0.001 (percentile 46.2%)

Issue

The /login and /change endpoints can return the authenticated user’s authentication token in response to a GET request. Since GET requests aren’t protected with a CSRF token, this could allow a malicious third-party site to acquire the authentication token.
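A defender's check for this issue, added here and not part of the advisory or of the project's own code: it fetches /login and /change as a logged-in user with a JSON Accept header and reports any token-like field in the response body, so a deployment can be verified before and after upgrading. The base URL, the session cookie, and the authentication_token key name in the constructed sample responses are assumptions; csrf_token is deliberately ignored because a CSRF token in the response is not the secret at issue.

```python
import json
import urllib.request
from typing import Any

# Key names treated as an authentication token (assumed, not from the advisory).
TOKEN_KEYS = {"authentication_token", "token", "auth_token"}


def find_token_fields(node: Any, path: str = "") -> list[str]:
    """Return the JSON paths of every key that looks like an auth token.

    Walks dicts and lists recursively. A key matches if it is in TOKEN_KEYS
    or ends with "_token"; csrf_token is skipped (it is meant to be returned).
    """
    hits: list[str] = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key != "csrf_token" and (key in TOKEN_KEYS or key.endswith("_token")):
                hits.append(here)
            hits.extend(find_token_fields(value, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_token_fields(item, f"{path}[{i}]"))
    return hits


def leaked_on_get(body: bytes) -> list[str]:
    """Parse a GET response body and return the token fields it exposes."""
    try:
        data = json.loads(body)
    except ValueError:
        return []  # an HTML form page carries no JSON token payload
    return find_token_fields(data)


def check_endpoint(base_url: str, path: str, cookie: str) -> list[str]:
    """GET one endpoint as a logged-in user, asking for JSON, and report leaks.
    base_url and cookie are supplied by the operator (assumed values)."""
    req = urllib.request.Request(
        base_url + path,
        headers={"Accept": "application/json", "Cookie": cookie},
        method="GET",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return leaked_on_get(resp.read())


# Constructed sample of a leaking response shape (key names assumed).
LEAKING_SAMPLE = json.dumps({
    "meta": {"code": 200},
    "response": {"user": {"id": 1, "authentication_token": "CONSTRUCTED-TOKEN"}},
}).encode()
# Constructed sample of a patched response that omits the token on GET.
PATCHED_SAMPLE = json.dumps({"meta": {"code": 200}, "response": {"user": {"id": 1}}}).encode()

if __name__ == "__main__":
    for name, body in (("leaking", LEAKING_SAMPLE), ("patched", PATCHED_SAMPLE)):
        print(name, leaked_on_get(body) or "no token fields")
```

Against a live deployment, call `check_endpoint("https://app.example", "/login", cookie)` and again with "/change"; a non-empty list means the GET path still exposes the token.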

Patches

Version 3.4.5 and the soon-to-be-released 4.0.0 are patched.

Workarounds

If you aren’t using authentication tokens, you can set SECURITY_TOKEN_MAX_AGE to “0” (seconds), which should make the token unusable.
