| Title | Mist.io Mist Community Edition (CE) 4.7.1 Cross-Site Request Forgery |
|---|
| Description | Vulnerability
Cross-Site Request Forgery (CSRF) on Admin’s Switch User Operation
Summary
Mist Community Edition (CE) before v4.7.2 fails to implement Cross-Site Request Forgery (CSRF) protection for the administrator user-switching functionality ("/su" endpoint). This allows attackers to force administrators into making unintended changes to their accounts, such as changing their email address to that of the attacker.
For full technical details, including proof of concept steps and video please refer to my GitHub repository in the "Advisory / Exploit" field below.
Affected Versions
Vulnerable: ≤ 4.7.1
Fixed: 4.7.2
Suggested Severity
6.5 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Vendor Coordination:
The vulnerability was responsibly disclosed to the Mist Community Edition maintainer. They acknowledged the report and explicitly agreed to a potential CVE assignment. A fix was implemented and released in version 4.7.2.
Mist CE Release 4.7.2 (Patched): https://github.com/mistio/mist-ce/releases/tag/v4.7.2
Fix Commit: https://github.com/mistio/mist.api/commit/db10ecb62ac832c1ed4924556d167efb9bc07fad
Discovered by
Alex Perrakis (Stolichnayer)
Efstratios Chatzoglou (efchatz)
Georgios Kambourakis |
|---|
| Source | ⚠️ https://github.com/Stolichnayer/mist-ce-csrf |
|---|
| User | alexperrakis (UID 85369) |
|---|
| Submission | 05/23/2025 12:43 (1 Year ago) |
|---|
| Moderation | 05/31/2025 18:51 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 310750 [Mist Community Edition up to 4.7.1 middleware.py session_start_response cross-site request forgery] |
|---|
| Points | 20 |
|---|