提出 #857933: wger-project wger 2.6.0-alpha2 / master branch at commit ea7844731f7e3fe5865c327c1f93f5f4a76dde75 CWE-352 Cross-Site Request Forgery / CWE-749 Exposed Dangerous M情報

タイトルwger-project wger 2.6.0-alpha2 / master branch at commit ea7844731f7e3fe5865c327c1f93f5f4a76dde75 CWE-352 Cross-Site Request Forgery / CWE-749 Exposed Dangerous M
説明wger's gym user password reset view performs a security-sensitive account action on any HTTP method, including GET. The route `user/<int:user_pk>/reset-user-password` calls `reset_user_password()`, which checks that the requester is authenticated and has gym-management permissions, then generates a new password, calls `user.set_password(password)`, saves the target user, and renders the generated password. Because the view does not require POST and Django CSRF protection does not apply to GET requests, an attacker can cause an authenticated gym manager's browser to request a crafted reset URL for a user in scope. The target user's old password is invalidated without deliberate confirmation, causing account lockout and exposing the generated replacement password in the manager's browser response. Remediation should require POST with CSRF validation and an explicit confirmation step.
ソース⚠️ https://github.com/wger-project/wger/issues/2380
ユーザー
 GalaxynC (UID 98975)
送信2026年06月13日 13:10 (1 月 ago)
モデレーション2026年07月18日 10:37 (1 month later)
ステータス重複
VulDBエントリ236497 [wger Workout Manager 2.2.0a3 User-Management Page gym/views/gym.py クロスサイトリクエストフォージェリ]
ポイント0

Interested in the pricing of exploits?

See the underground prices here!