[ https://issues.apache.org/jira/browse/JSPWIKI-1140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Juan Pablo Santos Rodríguez updated JSPWIKI-1140:
-------------------------------------------------
    Fix Version/s:     (was: FutureVersion)
                   2.11.0
       Issue Type: Task  (was: Bug)
         Priority: Minor  (was: Critical)
         Security:     (was: Security Vulnerability Disclosure)
          Summary: Autogenerate changenote on page comments  (was: Insecure direct object reference via comment lead to impersonate other users.)

Removed security level clearance, as not a security issue, and renaming/reusing the issue to track agreed improvement.

> Autogenerate changenote on page comments
> ----------------------------------------
>
>                 Key: JSPWIKI-1140
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-1140
>             Project: JSPWiki
>          Issue Type: Task
>          Components: Core & storage
>    Affects Versions: 2.11.0-M8
>         Environment: Windows new version
> Firefox version 84.0.1
>            Reporter: Nguyen Dang Khai
>            Priority: Minor
>             Fix For: 2.11.0
>
>         Attachments: wiki.mp4
>
>
> In the comment function, users can impersonate other users to leave comments.
> Vulnerable code is *line 86* in *Comment.jsp* :
> {code:java}
> // String author = TextUtil.replaceEntities( request.getParameter("author") );
> {code}
> Replace any *user* in parameter *author* to impersonate.
> * Request :
> {code:java}
> POST /wikijsp_m8_war/Comment.jsp?page=Main HTTP/1.1
> Host: localhost:8080
> page=Main&action=save&encodingcheck=%E3%81%81&xnfull=1608888733842&submit_auth=&ok=&changenote=&author=dangkhai&link=&_editedtext=n%C3%A2nna%0D%0A
> {code}

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
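
As an added example (not JSPWiki code and not part of the original message): a server-side check for the situation the report describes, where the comment form carries an `author` field. It takes the author of an authenticated session from the session itself and flags a differing form value; `resolve_comment_author` and `session_user` are hypothetical names, and the sample body is the one quoted in the report.

```python
from urllib.parse import parse_qs

# Form body copied from the request quoted in the issue.
SAMPLE_BODY = (
    "page=Main&action=save&encodingcheck=%E3%81%81&xnfull=1608888733842"
    "&submit_auth=&ok=&changenote=&author=dangkhai&link="
    "&_editedtext=n%C3%A2nna%0D%0A"
)


def resolve_comment_author(body, session_user):
    """Return (author, verified, mismatch) for a comment POST body.

    session_user is the login name the server authenticated for this
    session, or None for an anonymous visitor. It is a hypothetical
    input: a real application reads it from its own session object.
    """
    fields = parse_qs(body, keep_blank_values=True)
    # If the field is repeated, take the last value, then trim it.
    claimed = (fields.get("author") or [""])[-1].strip()

    if session_user:
        # Authenticated: the session is the only source of identity.
        # A differing form value is ignored and reported for logging.
        mismatch = bool(claimed) and claimed != session_user
        return session_user, True, mismatch

    # Anonymous: the name is only a claim, so it is returned as
    # unverified and the caller can store or display it as such.
    return (claimed or "anonymous"), False, False


if __name__ == "__main__":
    # "alice" is a constructed session user for the demonstration.
    for user in ("alice", "dangkhai", None):
        print(user, "->", resolve_comment_author(SAMPLE_BODY, user))
```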