Описание
CSRF issue on preview pages in Bolt CMS
Impact
Bolt CMS lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview.
Patches
This has been fixed in Bolt 3.7.1
References
Related issue: https://github.com/bolt/bolt/pull/7853
Ссылки
- https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8
- https://nvd.nist.gov/vuln/detail/CVE-2020-4040
- https://github.com/bolt/bolt/pull/7853
- https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f
- http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html
- http://seclists.org/fulldisclosure/2020/Jul/4
Пакеты
bolt/bolt
< 3.7.1
3.7.1
Связанные уязвимости
Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1
