Cross-Site Request Forgery (CSRF)

Affecting silverstripe/framework package, versions >=4.0.0, <4.4.0

Overview

silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS.

Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF). The CSRF protection for GraphQL mutation queries does not adequately protect GraphQL endpoints against CSRF attacks. When a GraphQL query is formed with a fragment portion, the check that determines whether the query is a mutation fails, so the X-CSRF-TOKEN header (the token header required by the CSRF protection module) is not required with the HTTP request, and the CSRF protection can therefore be bypassed.
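As an added example (not SilverStripe's own code), the weak mutation check beside a hardened one: `naive_is_mutation` mirrors the failure the advisory describes by classifying the document from its first word only, while `requires_csrf_token` walks every top-level definition so a leading fragment cannot hide a mutation. The function names and the sample document are constructed for this illustration.

```python
import re
# Keywords that may open a top-level GraphQL definition.
DEFINITION_KEYWORDS = {"query", "mutation", "subscription", "fragment"}

# Constructed sample (not the SilverStripe schema): a fragment precedes the mutation.
FRAGMENT_FIRST = ("fragment ItemFields on Item { ID Name }\n"
                  "mutation { deleteItem(ID: 1) { ...ItemFields } }")

def naive_is_mutation(document: str) -> bool:
    """Weak check (constructed illustration): classify by the first word only,
    so a document that opens with a fragment definition is not seen as a mutation."""
    match = re.match(r"\s*(\w+)", document)
    return bool(match) and match.group(1) == "mutation"

def top_level_keywords(document: str) -> list:
    """Definition keywords at nesting depth 0; comments and string literals are
    skipped so braces inside them cannot disturb the depth count."""
    keywords, depth, i, n = [], 0, 0, len(document)
    while i < n:
        ch = document[i]
        if ch == "#":                           # comment runs to end of line
            end = document.find("\n", i)
            i = n if end < 0 else end
        elif document.startswith('"""', i):     # block string
            end = document.find('"""', i + 3)
            i = n if end < 0 else end + 3
        elif ch == '"':                         # plain string, honour escapes
            i += 1
            while i < n and document[i] != '"':
                i += 2 if document[i] == "\\" else 1
            i += 1
        elif ch in "{([":
            depth, i = depth + 1, i + 1
        elif ch in "})]":
            depth, i = depth - 1, i + 1
        elif ch.isalpha() or ch == "_":
            j = i
            while j < n and (document[j].isalnum() or document[j] == "_"):
                j += 1
            if depth == 0 and document[i:j] in DEFINITION_KEYWORDS:
                keywords.append(document[i:j])
            i = j
        else:
            i += 1
    return keywords

def requires_csrf_token(document: str) -> bool:
    """Hardened check: require the token if any top-level definition is a mutation."""
    return "mutation" in top_level_keywords(document)
```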

Remediation

Upgrade silverstripe/framework to version 4.4.0 or higher.

CVSS Score

4.3 (medium severity)
  • Attack Vector
    Network
  • Attack Complexity
    Low
  • Privileges Required
    None
  • User Interaction
    Required
  • Scope
    Unchanged
  • Confidentiality
    None
  • Integrity
    None
  • Availability
    Low
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:H/RL:U/RC:C
Credit: Unknown
CVE: CVE-2019-12246
CWE: CWE-352
Snyk ID: SNYK-PHP-SILVERSTRIPEFRAMEWORK-449594
Disclosed: 10 Jun, 2019
Published: 11 Jun, 2019