Imperfect CSRF To Overwrite Server Config at /go/admin/restful/configuration/file/POST/xml
State Resolved (Closed)
Disclosed publicly 2018-12-05T04:13:54.278Z
Reported To
Weakness Cross-Site Request Forgery (CSRF)
Bounty

Summary by 4cad

The /go/admin/restful/configuration/file/POST/xml path is vulnerable to Cross-Site Request Forgery that can result in an unauthorized user adding to the server cruise-config.xml and gaining complete control of the server. Successful exploitation is made difficult by the need for the admin to be served malicious HTML and for the attacker to have a copy of historical config, such as the nearly-empty placeholder file that gets initially generated upon install.

Timeline
submitted a report to GoCD.
2017-06-15T00:24:00.074Z

Regards,
Frans

maheshp Activities::Comment
2017-06-15T13:29:28.007Z


4cad Activities::Comment
2017-06-15T17:09:13.234Z


maheshp Activities::Comment
2017-06-16T09:45:36.435Z


4cad Activities::Comment
2017-06-16T10:33:03.802Z


maheshp Activities::BugResolved
2017-06-27T14:01:55.242Z


ketan Activities::AgreedOnGoingPublic
2018-11-30T12:51:03.003Z


4cad Activities::AgreedOnGoingPublic
2018-12-05T04:13:54.245Z


4cad Activities::ReportBecamePublic
2018-12-05T04:13:54.294Z