Lucene search
K

42 matches found

Snyk
Snyk
added 2020/05/19 7:38 a.m.2 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF given a global CSRF token such as the one present in the authenticitytoken meta tag. Remediation Upgrade actionpack to version 5.2.4.3, 6.0.3.1 or higher. References - GitHub Commit - Google Group Forum -...

6.5CVSS7.6AI score0.01673EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2018/04/10 8:23 p.m.6 views

rack-protection: Timing attack in authenticity_token.rb

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to hav...

5.9CVSS7.3AI score0.02489EPSS
Exploits0References4
CNVD
CNVD
added 2018/01/30 12:0 a.m.6 views

OmniAuth Information Disclosure Vulnerability

OmniAuth is a set of authentication system using Rack middleware implementation . An information disclosure vulnerability exists in the strategy.rb file in versions of OmniAuth prior to 1.3.2, which stems from the program failing to properly protect the authenticitytoken value. An attacker could...

7.5CVSS6.4AI score0.02129EPSS
Exploits0References1
OSV
OSV
added 2018/01/26 7:29 p.m.2 views

DEBIAN-CVE-2017-18076

In strategy.rb in OmniAuth before 1.3.2, the authenticitytoken value is improperly protected because POST in addition to GET parameters are stored in the session and become available in the environment of the callback phase...

7.5CVSS6.8AI score0.02129EPSS
Exploits0References1
NVD
NVD
added 2018/01/26 7:29 p.m.22 views

CVE-2017-18076

In strategy.rb in OmniAuth before 1.3.2, the authenticitytoken value is improperly protected because POST in addition to GET parameters are stored in the session and become available in the environment of the callback phase...

7.5CVSS7.4AI score0.02129EPSS
Exploits0References4
Hacker One
Hacker One
added 2017/08/28 4:40 p.m.21 views

GSA Bounty: 2FA bypass - confirmation tokens don't expire

Hi there, Because of the limitation of the site, accounts may be locked down for 10 minutes. I found 2 ways to bypass this lock period. First one with the confirmation mail that we get when we sign on. If we get the token this way below, we can change account password and bypass the lock period a...

7AI score
Exploits0
Hacker One
Hacker One
added 2017/05/01 3:54 p.m.20 views

New Relic: CSRF For Adding Users

Issue The API affected is https://rpm.newrelic.com/accounts/accountid/accountviews. Only admin users are allowed to add other new users, but a normal user with knowledge of the accountid can craft a webpage which does a CSRF when an admin user visits it. There are 2 problems with it that can resu...

0.7AI score
Exploits0
Hacker One
Hacker One
added 2017/02/24 10:26 p.m.36 views

Files.com: CSRF @ configuration

Enter the support PIN from your test site if applicable: Enter the name of your test site if applicable: gaming2 Enter the subdomain from your test site if applicable: gaming2 Fill in the rest of your report below: ---- Greeting guys , i found a CSRF Bug at the configuration - General form in all...

6.8AI score
Exploits0
Veracode
Veracode
added 2017/01/26 1:44 a.m.18 views

Cross-Site Request Forgery (CSRF) Via Leakage Of Authenticity Token

omniauth is susceptible to cross-site request forgery attacks. The attacks are possible because it stores POST parameters in addition to GET parameters in callback phase, thereby exposing authenticitytokens from the POST parameters and leading to bypass of cross-site request forgery protection...

7.5CVSS7.3AI score0.02129EPSS
Exploits0References5Affected Software1
RubySec
RubySec
added 2017/01/11 12:0 a.m.15 views

omniauth leaks authenticity token in callback params

In strategy.rb in OmniAuth before 1.3.2, the authenticitytoken value is improperly protected because POST in addition to GET parameters are stored in the session and become available in the environment of the callback phase...

7.5CVSS4.8AI score0.02129EPSS
Exploits0References1Affected Software1
exploitpack
exploitpack
added 2016/08/15 12:0 a.m.64 views

GitLab - impersonate Feature Privilege Escalation

GitLab - impersonate Feature Privilege Escalation Exploit Title: GitLab privilege escalation via "impersonate" feature Date: 02-05-2016 Software Link: https://about.gitlab.com/ Version: 8.2.0 - 8.2.4, 8.3.0 - 8.3.8, 8.4.0 - 8.4.9, 8.5.0 - 8.5.11, 8.6.0 - 8.6.7, 8.7.0 Exploit Author: Kaimi Website...

6.5CVSS0.4AI score0.10143EPSS
Exploits5
Hacker One
Hacker One
added 2016/06/30 6:31 p.m.157 views

HackerOne: Possible CSRF during joining report as participant

Hi, I think i found a possible csrf issue with joining report as participant endpoint, Actually one of the bug got duplicated and the company added me into the original bug as a participant. then, I got invitation from hackerone to joing the report. After opening the invitation link, there was tw...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/12/10 12:0 a.m.25 views

FreeBSD : redmine -- information leak vulnerability (49def4b7-9ed6-11e5-8f5c-002590263bf5)

Redmine reports : Potential data leak project names in the invalid form authenticity token error screen. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine...

5.4AI score
Exploits0References2
Hacker One
Hacker One
added 2015/06/15 9:59 p.m.32 views

Airbnb: authenticity_token is not random across page loads

In order to protect against the Breach attack, the authenticity token needs to be unique on every page load. A simple fix is to mask the token with some random bytes, which is what ruby on rails did in version 4.2.0 the exact patch is here: https://github.com/rails/rails/pull/16570/files...

0.4AI score
Exploits0
Hacker One
Hacker One
added 2015/03/10 1:1 a.m.33 views

X (Formerly Twitter): open redirect sends authenticity_token to any website or (ip address)

Hi, URL: https://mobile.twitter.com//example/messages there is double slash before "example" word when you click "send" after writing a message the authenticitytoken will send to https://example this URL doesn't allow any dots in it, so i can not write //example.com but when i write a number it...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2015/03/02 1:7 a.m.66 views

X (Formerly Twitter): Open Redirect leak of authenticity_token lead to full account take over.

Hey guys URL: https://mobile.twitter.com/messages/follow?recipient=/example.com when I click 'Follow' I will send my POST request to https://example.com witch contains my authenticitytoken that can be used for anything like tweeting, following, sending messages, changing username.,.,.etc it can b...

6.9AI score
Exploits0
NVD
NVD
added 2015/02/19 3:59 p.m.17 views

CVE-2015-1585

Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery CSRF attacks via a request without the authenticitytoken, as demonstrated by a crafted HTML page that creates a new administrator account...

6.8CVSS6.4AI score0.01094EPSS
Exploits3References4
Prion
Prion
added 2015/02/19 3:59 p.m.17 views

Cross site request forgery (csrf)

Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery CSRF attacks via a request without the authenticitytoken, as demonstrated by a crafted HTML page that creates a new administrator account...

6.8CVSS6.9AI score0.01094EPSS
Exploits3References4Affected Software1
Hacker One
Hacker One
added 2015/02/11 8:3 p.m.76 views

HackerOne: CSP Bypass: Click handler for links with data-method="post" can cause authenticity_token to be sent off domain

Background - There has been at least one case where an attacker was able to insert arbitrary HTML into a submitted report - HackerOne uses a very strict Content Security Policy that prevents inline script and script from other origins - HackerOne uses an authenticitytoken in its POSTs to guard...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2015/02/05 1:8 p.m.58 views

Enter: CSRF token leakage

Hi, I have noticed that when the account verification fails here : https://wallet.robocoin.com/verify/ due to an error, the CSRF token is being leaked via GET method like : https://wallet.robocoin.com/verify/id?csrf=b8ede20d-0c0b-4e16-9d05-6ad2ed8b72c4 So the authenticity token is being stored in...

6.8AI score
Exploits0
Rows per page
Query Builder