MantisBT - TestLink
View Issue Details
ID: 0006506
Project: TestLink
Category: Security - General
View Status: public
Date Submitted: 2014-08-14 14:42
Last Update: 2014-09-27 16:42
Reporter: cedric
Assigned To: fman
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Platform / OS: x86_64 Windows 7
Product Version: 1.9.10 (2014 Q1 - bug fixing)
Fixed in Version: 1.9.12 (2014 Q3)
Database: MySQL
Browser: Chrome 28
PHP Version: 5.3.3
QA Team - Task Workflow Status: READY FOR TESTING
Summary: 0006506: Cross-Site Request Forgery on lib/usermanagement/rolesView.php (CWE-352)
Description: An unauthorized person can trick a user into deleting a role without their knowledge.
Steps To Reproduce:
 1. Login as a valid user.
 2. Create an HTML file with this content:

<img src="http://demo.testlink.org/latest/lib/usermanagement/rolesView.php?doAction=confirmDelete&roleid=XXX" style="width:0px;height:0px;" />

* Where XXX is the role ID to be deleted.

 3. Open the file with a browser.
Tags: No tags attached.
Relationships: child of 0006457 (closed, fman): Availables hot-fixes for 1.9.11 & How To get full fixed package from gitorious
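The report above works because the browser attaches the TestLink session cookie to the image request and rolesView.php acts on a plain GET. The following is an added illustration of the synchronizer-token defence the OWASP cheat sheet cited in the notes describes; it is not TestLink's code and not the content of the linked gitorious commit, and it is written in Python rather than PHP so it runs stand-alone. The Session and Request classes, the handler names, the csrf_token field name and the sample role data are all assumptions made for this example.

```python
"""Synchronizer-token CSRF defence, modelled on the rolesView.php report.

Added example, not TestLink's own code nor the linked fix. A toy
"before" handler that deletes on any GET sits beside a hardened one
that requires POST plus a per-session token. Session, Request, the
handler names and the 'csrf_token' field name are assumptions.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Session:
    """Server-side session, looked up from the cookie the browser attaches."""
    user: str
    roles: dict = field(default_factory=dict)   # role id -> role name
    csrf_token: Optional[str] = None


@dataclass
class Request:
    """Minimal request: HTTP method plus merged query/form parameters."""
    method: str
    params: dict


def issue_csrf_token(session: Session) -> str:
    """Mint a per-session secret. Only a page served from our own origin
    can read it and echo it back; that is what the check below relies on."""
    if session.csrf_token is None:
        session.csrf_token = secrets.token_urlsafe(32)
    return session.csrf_token


def vulnerable_roles_view(session: Session, req: Request) -> str:
    """Before: any request carrying doAction=confirmDelete deletes the role.
    The browser sends the session cookie on its own, so the <img> tag from
    the report, loaded from any site, reaches this branch."""
    if req.params.get("doAction") == "confirmDelete":
        role_id = req.params.get("roleid")
        if role_id in session.roles:
            del session.roles[role_id]
            return "deleted"
        return "no such role"
    return "listed"


def hardened_roles_view(session: Session, req: Request) -> str:
    """After: the delete requires POST plus a token equal to the session's.
    POST alone would not do (an attacker page can auto-submit a form); the
    token is the part a cross-origin page cannot obtain. compare_digest keeps
    the comparison constant-time so the token cannot be guessed byte by byte."""
    if req.params.get("doAction") != "confirmDelete":
        return "listed"
    if req.method != "POST":
        return "rejected: method"
    submitted = req.params.get("csrf_token", "")
    expected = session.csrf_token or ""
    if not expected or not hmac.compare_digest(submitted, expected):
        return "rejected: token"
    role_id = req.params.get("roleid")
    if role_id in session.roles:
        del session.roles[role_id]
        return "deleted"
    return "no such role"


def run_demo() -> dict:
    """Replay the report's forged GET against both handlers, then a guessed
    token and a genuine POST from our own form against the hardened one."""
    def fresh() -> Session:
        return Session(user="cedric", roles={"7": "tester"})  # constructed data

    forged = Request("GET", {"doAction": "confirmDelete", "roleid": "7"})

    s1 = fresh()
    before = vulnerable_roles_view(s1, forged)

    s2 = fresh()
    issue_csrf_token(s2)
    after_forged = hardened_roles_view(s2, forged)
    guessed = Request("POST", {"doAction": "confirmDelete", "roleid": "7",
                               "csrf_token": "x" * 43})   # attacker's guess
    after_guess = hardened_roles_view(s2, guessed)
    genuine = Request("POST", {"doAction": "confirmDelete", "roleid": "7",
                               "csrf_token": s2.csrf_token})  # from our form
    after_genuine = hardened_roles_view(s2, genuine)

    return {
        "vulnerable_forged": before,
        "vulnerable_roles_left": len(s1.roles),
        "hardened_forged": after_forged,
        "hardened_guess": after_guess,
        "hardened_genuine": after_genuine,
        "hardened_roles_left": len(s2.roles),
    }


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

The token must be rendered into the delete form by the server and never accepted from a cookie alone, since a cookie would be sent with the forged request just like the session cookie is. Also note that refusing GET for state changes is necessary but not sufficient: without the token, the attacker's page simply switches from an <img> to an auto-submitted <form method="POST">.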
Issue History
2014-08-14 14:42 | cedric | New Issue
2014-08-15 08:47 | fman | Note Added: 0021471
2014-08-15 09:16 | fman | Note Added: 0021472
2014-08-15 09:17 | fman | Note Edited: 0021472
2014-08-15 09:17 | fman | Assigned To => fman
2014-08-15 09:17 | fman | Status: new => feedback
2014-08-15 09:29 | fman | Relationship added: child of 0006457
2014-08-15 18:14 | fman | Note Edited: 0021472
2014-08-15 18:17 | fman | QA Team - Task Workflow Status => TBD
2014-09-08 21:25 | fman | QA Team - Task Workflow Status: TBD => READY FOR TESTING
2014-09-08 21:25 | fman | Status: feedback => resolved
2014-09-08 21:25 | fman | Fixed in Version => 1.9.12 (2014 Q3)
2014-09-08 21:25 | fman | Resolution: open => fixed
2014-09-27 16:42 | fman | Note Added: 0021709
2014-09-27 16:42 | fman | Status: resolved => closed
2015-09-15 21:09 | fman | Category: Security => Security - XSS
2015-09-15 21:10 | fman | Category: Security - XSS => Security - General

Notes
(0021471) fman, 2014-08-15 08:47:
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
(0021472) fman, 2014-08-15 09:16 (edited on: 2014-08-15 18:14):
Would you mind testing this solution? ATTENTION CHANGED !!!
https://gitorious.org/testlink-ga/testlink-code/commit/dfcc5df07ccc0bc3d085ee6166e5c6de83fa3855

(0021709) fman, 2014-09-27 16:42:
Release done