OrientDB Cross-Site Request Forgery Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in OrientDB version 3.0.17 GA Community Edition. This vulnerability allows attackers to perform unauthorized actions by sending crafted requests to various endpoints, including /database/, /command/, and /document/. Exploitation of this vulnerability could enable attackers to create or delete databases, modify schema classes, manage users, and create functions. The vulnerability arises from the absence of token validation for authenticated requests, coupled with reflected and stored cross-site scripting vulnerabilities in the web interface.

Impact

Exploitation of this vulnerability could lead to unauthorized actions being performed on behalf of the user, such as creating or deleting databases, managing users, and modifying database functions or schema.

Reproduction

To reproduce this vulnerability, send an authenticated request to one of the vulnerable endpoints without including a CSRF token. This can be done by using a tool that allows for the crafting of HTTP requests, such as Postman or a similar application. Include the necessary authentication headers and cookies, but omit the CSRF token. The request will be processed as if it were a legitimate user action, allowing for unauthorized changes to be made.