liangliangyy DjangoBlog Missing Authentication Vulnerability in Clean Endpoint
Vulnerability
A vulnerability exists in liangliangyy DjangoBlog versions through 2.1.0.0, specifically in the Clean Endpoint located in blog/views.py. This vulnerability allows unauthenticated users to purge the application cache remotely, leading to a cache stampede denial-of-service condition by forcing all requests to bypass the cache and directly access the database.
Impact
Exploitation of this vulnerability causes a cache stampede denial-of-service, where repeated cache purges force all application requests to hit the database directly, bypassing the cache.
Reproduction
The vulnerability can be reproduced by sending a request to the /clean endpoint without any authentication. This can be done using a curl command. The response will indicate that the cache has been successfully cleared. To amplify the denial-of-service effect, this cache purging action can be repeated multiple times in a loop, which will cause all requests to bypass the cache and hit the database directly.
Remediation
It is recommended to add authentication requirements to the /clean endpoint by using the @login_required and @staff_member_required decorators.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.