Sunbird-Ed SunbirdEd-portal Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in Sunbird-Ed SunbirdEd-portal version 1.13.4. This issue allows attackers to trick users into performing actions they did not intend, potentially leading to unauthorized modifications of user data or account settings.

Impact

Exploitation of this vulnerability could result in unauthorized actions being performed on behalf of the user, potentially leading to changes in user data or account settings.

Reproduction

To reproduce this vulnerability, a user must be logged into the SunbirdEd portal. An attacker can then send a request that exploits the CSRF vulnerability, tricking the user into performing an action without their consent. This could be done by embedding the request in a web page or email that the user is likely to interact with.

Added: Mar 9, 2026, 8:18 PM
Updated: Mar 9, 2026, 8:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.1
remediation: 0.0
relevance: 3.7
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.