FlaskBlog Arbitrary Comment Deletion Vulnerability

Vulnerability

A vulnerability exists in FlaskBlog versions through 2.8.0 that lets any user delete arbitrary comments because the delete handler does not validate comment ownership. By intercepting the delete request and modifying the commentID, any user can remove other users' comments on any post. The flawed handler is in routes/post.py.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of comments, potentially disrupting discussions or removing important information from the blog.

Reproduction

To reproduce this vulnerability, send a delete request for a comment using a commentID that does not belong to the user making the request. The absence of ownership validation will allow the comment to be deleted successfully.

Remediation

Implement a check to ensure that the user requesting the deletion owns the comment identified by the commentID before allowing the deletion to proceed.
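The following is an added example, not FlaskBlog's own code: it places the vulnerable delete handler beside a remediated one. It assumes a simplified comments table (id, post_id, user, comment) in an in-memory sqlite3 database standing in for the blog's database layer, and the handlers return HTTP status codes instead of Flask responses so the logic can run without a web server. The remediated handler checks ownership before deleting and also repeats the owner in the DELETE statement's WHERE clause, so a comment can only ever be removed by the user it belongs to even if the earlier check were skipped.

```python
"""Ownership check on comment deletion: vulnerable handler beside the fixed one.

Constructed example. The schema and the sqlite3 in-memory database are
assumptions standing in for the real application's storage; the handler
functions stand in for the Flask view that reads commentID from the request.
"""
import sqlite3

# Assumed minimal schema; the real table may have more columns.
SCHEMA = """
CREATE TABLE comments (
    id      INTEGER PRIMARY KEY,
    post_id INTEGER NOT NULL,
    user    TEXT    NOT NULL,
    comment TEXT    NOT NULL
);
"""


def make_db():
    """Create an in-memory database seeded with two constructed comments."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO comments (id, post_id, user, comment) VALUES (?, ?, ?, ?)",
        [(1, 10, "alice", "Alice's comment"), (2, 10, "bob", "Bob's comment")],
    )
    conn.commit()
    return conn


def remaining_ids(conn):
    """Return the ids of all comments still present, in order."""
    return [row[0] for row in conn.execute("SELECT id FROM comments ORDER BY id")]


def parse_comment_id(raw):
    """Form values arrive as strings; reject anything that is not an integer id."""
    try:
        return int(raw)
    except (TypeError, ValueError):
        return None


def delete_comment_vulnerable(conn, current_user, raw_comment_id):
    """Mirrors the flaw: trusts commentID from the request, never checks the owner."""
    if current_user is None:
        return 401  # login required, but any logged-in user passes
    comment_id = parse_comment_id(raw_comment_id)
    if comment_id is None:
        return 400
    cur = conn.execute("DELETE FROM comments WHERE id = ?", (comment_id,))
    conn.commit()
    return 302 if cur.rowcount == 1 else 404


def delete_comment_fixed(conn, current_user, raw_comment_id):
    """Remediated handler: the requesting user must own the comment."""
    if current_user is None:
        return 401
    comment_id = parse_comment_id(raw_comment_id)
    if comment_id is None:
        return 400
    row = conn.execute(
        "SELECT user FROM comments WHERE id = ?", (comment_id,)
    ).fetchone()
    if row is None:
        return 404  # no such comment
    if row[0] != current_user:
        return 403  # comment belongs to someone else: refuse, do not delete
    # Owner is part of the WHERE clause so the delete cannot touch another
    # user's comment even if the check above were ever bypassed.
    cur = conn.execute(
        "DELETE FROM comments WHERE id = ? AND user = ?", (comment_id, current_user)
    )
    conn.commit()
    return 302 if cur.rowcount == 1 else 403


if __name__ == "__main__":
    db = make_db()
    print("bob deleting alice's comment (fixed):", delete_comment_fixed(db, "bob", "1"))
    print("remaining:", remaining_ids(db))
    print("alice deleting her own comment (fixed):", delete_comment_fixed(db, "alice", "1"))
    print("remaining:", remaining_ids(db))
```

In a Flask view the same check sits between reading commentID from the form and executing the delete; returning 403 for a comment owned by someone else (or 404 if you prefer not to reveal that the id exists) and logging the refused attempt gives a simple detection signal for users probing other people's comment ids.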

Added: Aug 19, 2025, 8:23 PM
Updated: Aug 19, 2025, 8:23 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 0.6
exploitability: 7.8
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.