High

lunary

CSRF on User Signup Endpoint

A Cross-Site Request Forgery (CSRF) vulnerability was identified in version 1.2.34 of the software: overly permissive CORS settings let a web page controlled by an attacker sign up and create projects on a victim's instance as if the attacker had local access. This issue was patched in version 1.4.10.

Available publicly on Sep 11 2024

7.4

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Credit:

patrik-ha
Threat Overview

The vulnerability arises from overly permissive CORS settings that expose every unauthenticated endpoint to CSRF. An attacker can therefore perform actions such as signing up for an account and creating projects on instances hosted locally on personal machines. The main risk is to instances that are not publicly reachable: on a public instance an attacker could simply register by visiting the application, whereas here the victim's browser is used as a bridge into a host the attacker cannot reach directly.

Attack Scenario

An attacker hosts a malicious script on a server and convinces a user to visit the page. The script sends a POST request to the signup endpoint of the user's locally hosted instance of the software, creating a new user account. Because the same permissive CORS policy lets the attacker's page read the response, the attacker may also obtain the returned token and use it for further actions.

Who is affected

Users hosting instances of the software locally on their personal machines are affected. Because such instances are not publicly accessible, CSRF is the attacker's route in: the victim's own browser, which can reach the local instance, issues the forged signup request on the attacker's behalf.
