Open Formulieren (Open Forms)
cpe:2.3:a:maykinmedia:open_forms:*:*:*:*:*:*:*
- < 3.3.13
- < 3.4.5
A vulnerability in Open Forms prior to versions 3.3.13 and 3.4.5 allows users to access arbitrary submission details by guessing or modifying submission reference codes. This issue arises in the cosigning process, where a cosigner receives an email with a reference code to access a submission. After logging in, attackers can exploit this by guessing codes or altering received ones to retrieve submissions from other users, potentially leading to unauthorized access to sensitive data. The impact varies depending on the form's registration plugin and the sequential nature of case numbers in the downstream system.
This vulnerability could result in unintended access to sensitive submission details, causing a privacy breach. The severity of the impact is heightened if the form's registration system uses easily guessable sequential IDs.
Users can update to Open Forms version 3.3.13, 3.4.5, or the main branch, all of which include the patch. The patched submission lookup adds a verification step so that only the intended cosigner can access the submission, and the API now applies rate limits to slow brute-force attempts against reference codes.
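The two measures the advisory describes, a cosigner check on the lookup and a rate limit on attempts, are easy to model in a few lines. The following is an added illustration written for this page, not Open Forms' own code: the store, the reference codes, the e-mail addresses and the `SlidingWindowLimiter` class are all constructed, and the function names are hypothetical. The "vulnerable" lookup accepts the authenticated identity but never uses it, which is the essence of the flaw; the hardened lookup binds the reference code to the cosigner and counts every attempt against the limiter.

```python
import hmac
import time
from collections import defaultdict, deque

# Constructed in-memory store (hypothetical; the real project keeps submissions
# in a database).  Reference codes are deliberately sequential to mirror the
# advisory's point that guessable codes make the lookup trivial to enumerate.
SUBMISSIONS = {
    "OF-1001": {"cosigner_email": "alice@example.org", "data": {"answer": "alice"}},
    "OF-1002": {"cosigner_email": "bob@example.org", "data": {"answer": "bob"}},
}


class Forbidden(Exception):
    """Submission not found or not owned by the authenticated cosigner."""


class RateLimited(Exception):
    """Too many lookup attempts from this caller in the current window."""


def lookup_vulnerable(reference_code, authenticated_email):
    """Pre-fix behaviour (hypothetical model): any logged-in user who knows or
    guesses a reference code gets the submission.  `authenticated_email` is
    accepted but never checked, so nothing ties the code to the invited cosigner."""
    submission = SUBMISSIONS.get(reference_code)
    if submission is None:
        raise Forbidden("unknown reference code")
    return submission["data"]


class SlidingWindowLimiter:
    """At most `limit` attempts per key within any `window` seconds.
    `clock` is injectable so the behaviour can be tested without sleeping."""

    def __init__(self, limit, window, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock
        self._hits = defaultdict(deque)

    def allow(self, key):
        now = self.clock()
        hits = self._hits[key]
        # Drop timestamps that have aged out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True


def _same_cosigner(stored_email, authenticated_email):
    # Normalise, then compare in constant time so response timing does not
    # reveal how much of the address matched.
    a = stored_email.strip().lower().encode()
    b = authenticated_email.strip().lower().encode()
    return hmac.compare_digest(a, b)


def lookup_hardened(reference_code, authenticated_email, limiter, limiter_key):
    """Post-fix behaviour (hypothetical model of the advisory's two measures):
    1. every attempt, successful or not, is counted against the rate limit;
    2. the submission is returned only if its stored cosigner matches the
       identity the caller authenticated with.
    Unknown code and wrong cosigner raise the same error, so the endpoint does
    not confirm which reference codes exist."""
    if not limiter.allow(limiter_key):
        raise RateLimited("too many attempts")
    submission = SUBMISSIONS.get(reference_code)
    if submission is None or not _same_cosigner(submission["cosigner_email"], authenticated_email):
        raise Forbidden("no submission for this cosigner")
    return submission["data"]


def try_lookup(reference_code, authenticated_email, limiter, limiter_key):
    """Return ("ok", data), ("forbidden", None) or ("rate_limited", None)."""
    try:
        return ("ok", lookup_hardened(reference_code, authenticated_email, limiter, limiter_key))
    except Forbidden:
        return ("forbidden", None)
    except RateLimited:
        return ("rate_limited", None)


if __name__ == "__main__":
    # Bob is logged in and tries Alice's code: leaks before the fix, refused after.
    print("vulnerable:", lookup_vulnerable("OF-1001", "bob@example.org"))
    limiter = SlidingWindowLimiter(limit=5, window=60)
    print("hardened:  ", try_lookup("OF-1001", "bob@example.org", limiter, "bob"))
    print("hardened:  ", try_lookup("OF-1002", "bob@example.org", limiter, "bob"))
```

The limiter is keyed by caller (in a real deployment, the authenticated user or client address), and it counts refused lookups too; a limit that only counted successes would leave the guessing loop untouched. Returning one error for both "no such code" and "not your code" matters as much as the ownership check, otherwise the endpoint still confirms which codes exist.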