Referrer leak in transformations

PMASA-2016-28

Announcement-ID: PMASA-2016-28

Date: 2016-06-23

Summary

Referrer leak in transformations

Description

A vulnerability was reported where a specially crafted Transformation could be used to leak information including the authentication token. This could be used to direct a CSRF attack against a user.

Furthermore, the CSP code used in version 4.0.x is outdated and has been updated to more modern standards.

Severity

We consider this to be of moderate severity

Affected Versions

All 4.6.x versions (prior to 4.6.3), 4.4.x versions (prior to 4.4.15.7), and 4.0.x versions (prior to 4.0.10.16) are affected

Solution

Upgrade to phpMyAdmin 4.6.3, 4.4.15.7, or 4.0.10.16 or newer or apply patch listed below.

References

Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability.

Assigned CVE ids: CVE-2016-5739

CWE ids: CWE-661

Patches

The following commits have been made on the 4.0 branch to fix this issue:

• 3287519
• 8c336ba

The following commits have been made on the 4.4 branch to fix this issue:

• 22ad8b6
• adfec38

The following commits have been made on the 4.6 branch to fix this issue:

• 1e5716c
• 2f49508

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.