codeigniter4/shield is vulnerable to cross-site request forgery (CSRF). The vulnerability exists in the startLogin function of Session.php and allows a same-site attacker (one who controls content on the same registrable domain but a different origin, for example a sibling subdomain, which the SameSite cookie attribute does not defend against) to bypass the CSRF protection mechanism and redirect the user to malicious URLs such as https://a.example.com/ and http://example.com/. The bypass works regardless of whether Config\Security::$csrfProtection is set to cookie or session, and regardless of whether Config\Security::$regenerate is true or false.
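The two URLs named above are "same-site" with example.com (a sibling subdomain, and the same host over plain http), so cookies with SameSite=Lax or Strict are still sent along with requests from them and a redirect check that only compares the registrable domain lets them through. The following PHP is an added example, not code from codeigniter4/shield or from its fix commit: it places a weak same-site redirect check beside a same-origin check that compares scheme, host and port, and runs both over the advisory's URLs. The application origin https://example.com and the helper names are assumptions for the example.

```php
<?php
// Added example, not code from codeigniter4/shield or from its fix commit.
// Shows why a post-login redirect target must be restricted to the app's own
// ORIGIN (scheme + host + port) and not merely to the same "site": a sibling
// subdomain (https://a.example.com/) and a plain-http URL (http://example.com/)
// are same-site, so SameSite cookies still accompany requests from them.
// Assumed, hypothetical application origin: https://example.com
declare(strict_types=1);

/**
 * Weak check (illustrative, not Shield's code): accepts any host equal to, or a
 * subdomain of, the site domain, with any scheme. This is the "same-site"
 * notion and it accepts both URLs named in the advisory.
 */
function isSameSiteRedirect(string $target, string $siteDomain): bool
{
    $host = parse_url($target, PHP_URL_HOST);
    if ($host === null || $host === false) {
        return true; // no host component: treated as a relative path
    }
    $host   = strtolower($host);
    $site   = strtolower($siteDomain);
    $suffix = '.' . $site;

    return $host === $site || substr($host, -strlen($suffix)) === $suffix;
}

/**
 * Hardened check: allow only an absolute path on this origin ("/dashboard")
 * or an absolute URL whose scheme, host and port all equal the app origin.
 * Scheme-relative ("//host"), backslash ("/\host") and userinfo
 * ("https://example.com@evil.example/") forms are rejected.
 */
function isSameOriginRedirect(string $target, string $appOrigin): bool
{
    $app = parse_url($appOrigin);
    $url = parse_url($target);
    if ($app === false || $url === false || !isset($app['scheme'], $app['host'])) {
        return false;
    }

    if (!isset($url['scheme']) && !isset($url['host'])) {
        // Relative target: must be a single-slash absolute path.
        $path = $url['path'] ?? '';

        return $path !== '' && $path[0] === '/'
            && !in_array(substr($path, 0, 2), ['//', '/\\'], true);
    }

    // Default ports for the two schemes we are willing to compare.
    $defaultPort = static function (string $scheme): ?int {
        return $scheme === 'https' ? 443 : ($scheme === 'http' ? 80 : null);
    };

    $scheme    = strtolower($url['scheme'] ?? '');
    $appScheme = strtolower($app['scheme']);
    $port      = $url['port'] ?? $defaultPort($scheme);
    $appPort   = $app['port'] ?? $defaultPort($appScheme);

    return !isset($url['user']) && !isset($url['pass'])
        && $scheme === $appScheme
        && strtolower($url['host'] ?? '') === strtolower($app['host'])
        && $port === $appPort;
}

// Constructed inputs: the two targets named in the advisory plus controls.
$targets = [
    '/dashboard',
    'https://example.com/account',
    'https://a.example.com/',
    'http://example.com/',
    '//evil.example/',
];
foreach ($targets as $t) {
    printf("%-30s same-site: %-3s  same-origin: %s\n", $t,
        isSameSiteRedirect($t, 'example.com') ? 'yes' : 'no',
        isSameOriginRedirect($t, 'https://example.com') ? 'yes' : 'no');
}
```

The same-site check accepts https://a.example.com/ and http://example.com/ because the host matches the registrable domain; the same-origin check rejects the first on host and the second on scheme, while still allowing the relative path and the app's own https origin. Treat this as a guard for redirect targets only; the change Shield itself made is in the referenced commit.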
| CPE | Name | Operator | Version |
|---|---|---|---|
| | codeigniter4/shield | eq | v1.0.0-beta |
References:
- codeigniter4.github.io/userguide/libraries/security.htm (CodeIgniter 4 user guide, Security library)
- developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite (MDN, Set-Cookie SameSite attribute)
- github.com/codeigniter4/shield/commit/342a368536678621998c3c41d276480cd14ec6c6 (codeigniter4/shield commit)
- github.com/codeigniter4/shield/security/advisories/GHSA-5hm8-vh6r-2cjq (GitHub security advisory GHSA-5hm8-vh6r-2cjq)
- jub0bs.com/posts/2021-01-29-great-samesite-confusion/ (blog post on SameSite vs same-origin confusion)