CVE-2022-27671 A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.

A CSRF token is usually a hidden piece of information that a server sends back to the client with each request. If you have access to this token and could craft a request that would have a high probability of being executed by the server, you may be able to retrieve sensitive information from the server. For instance, a malicious user may access a system that has a CSRF protection enabled, construct a malicious request, and receive access to an account that the user didn’t have access to. To prevent CSRF attacks, be sure that your applications are checking the user’s request type to confirm it is a valid request and the user has proper permissions to access the application.

Summary

A CSRF token is a hidden piece of information that the server sends back to the client with each request. If you have access to this token and could craft a request that would have high probability of being executed by the server, you may be able to retrieve sensitive information from the server. For instance, a malicious user may access a system that has a CSRF protection enabled, construct a malicious request, and receive access to an account that the user didn't have access to. To prevent CSRF attacks, be sure that your applications are checking the user's request type to confirm it is a valid request and the user has proper permissions to access the application.
To prevent CSRF attacks, make sure your applications are checking for valid requests from users with correct permission levels.

CSRF Prevention Cheat Sheet

CSRF attacks are one of the most common security vulnerabilities. To prevent CSRF, you need to make sure that your application is checking for a valid request and the user has permission to access the application. A CSRF protection cheat sheet can help you with that process.
To prevent CSRF attacks:
* Ensure your server sends back a CSRF token with each request
* Validate the type of request coming from the user
* Validate that the user has permission to access the application

What is a CSRF?

A Cross Site Request Forgery (CSRF) is a type of attack that occurs when an attacker tricks a user into clicking on a link or form that causes unwanted actions to be taken on behalf of the victim, without the victim’s knowledge. CSRF attacks occur when content on one web page includes links to other pages which are set up to steal data from the user.
The vulnerability is caused by design flaws within applications that allow input fields with hidden values and submit buttons which can be used in conjunction with JavaScript or HTML to submit requests from malicious websites back to the original site.
Reopen this article if you want more information about CSRF, how it works, and what can be done about it.

Timeline

Published on: 04/12/2022 17:15:00 UTC
Last modified on: 04/20/2022 17:47:00 UTC

References

• https://launchpad.support.sap.com/#/notes/3130497
• https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27671