Liman Cross-Site Request Forgery Vulnerability Allowing Unauthorized Account Manipulation

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in Liman version 0.7. This vulnerability allows attackers to manipulate user account settings without proper request validation. By crafting malicious HTML forms, attackers can trick logged-in users into submitting unauthorized requests that change passwords or modify account information.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in user account settings, including password modifications and alterations of profile information.

Reproduction

To reproduce this vulnerability, log into the Liman application and navigate to the profile or password settings endpoints. An attacker can then send a crafted HTML form that, when submitted by the victim, changes account details or the password. The form can be delivered in an email or message, exploiting the lack of CSRF protection on these endpoints.
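The missing control is a per-session request check on the state-changing endpoints. The following is an added illustration, not Liman's own code: a hypothetical password-change handler with only a session check (the pattern the advisory describes) beside a hardened version that requires a synchronizer token and an exact Origin/Referer match. The session store, the `_token` field name and the `https://liman.example` origin are placeholders.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical in-memory session store; session id -> session state.
SESSIONS = {}
# Placeholder for the application's own origin (not a real deployment).
APP_ORIGIN = "https://liman.example"

def create_session(user):
    """Log a user in: issue a session id and a per-session CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid

def csrf_token_for(sid):
    """Value the application would embed in its own settings forms."""
    return SESSIONS[sid]["csrf"]

def change_password_unprotected(sid, form):
    """The pattern the advisory describes: only the session cookie is
    checked, so a form auto-submitted from any other site is accepted."""
    sess = SESSIONS.get(sid)
    if sess is None:
        return 401
    sess["password"] = form["new_password"]
    return 200

def request_origin(headers):
    """Origin header if present, otherwise scheme+host of the Referer."""
    if "Origin" in headers:
        return headers["Origin"]
    parts = urlsplit(headers.get("Referer", ""))
    return f"{parts.scheme}://{parts.netloc}" if parts.netloc else ""

def change_password_protected(sid, form, headers):
    """Hardened handler: synchronizer token plus Origin/Referer check."""
    sess = SESSIONS.get(sid)
    if sess is None:
        return 401
    # Token must be present and equal (constant-time) to the session's.
    if not hmac.compare_digest(form.get("_token", ""), sess["csrf"]):
        return 403
    # A cross-site form submission carries a foreign Origin; require an
    # exact match, not a prefix, so look-alike hosts are rejected too.
    if request_origin(headers) != APP_ORIGIN:
        return 403
    sess["password"] = form["new_password"]
    return 200
```

The hardened handler rejects a request that lacks the token even when the browser has attached a valid session cookie, which is exactly the case a forged form relies on.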

Added: Jan 29, 2026, 3:48 PM
Updated: Jan 29, 2026, 5:29 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 7.5
remediation: 0.0
relevance: 2.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.