CSRF protection bypass
Synopsis
A vulnerability has been found in Kallithea.
Description
Routes, the URL routing library used by Kallithea, allows a GET request to override its HTTP method, so a request that the browser sends as a plain GET can be routed to a handler as if it were a POST. Kallithea's CSRF protection only applies to POST requests, so this override defeats it.
An attacker can misuse the GET method override to trick a logged-in user into issuing a request (for example by visiting a crafted link or a page carrying a crafted image URL) that Kallithea routes with a different method than the one the browser actually sent, thus bypassing the CSRF protection and triggering a state-changing action on the user's behalf.
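The following is an added example, not Kallithea's or Routes' code, that models the mechanism in a few dozen lines of plain Python: a method override in the style of Routes' `_method` parameter, a CSRF check that inspects only the raw request method, and a POST-only route behind them. The `FORM_BODY` environ key, the `_authentication_token` parameter name, the session token value and the three sample requests are all constructed for the illustration; the "fixed" variant simply refuses to honour a method override on GET, which matches the cause described above rather than reproducing the exact change in the referenced changeset.

```python
from urllib.parse import parse_qs

# Constructed stand-in for the per-session CSRF token embedded in forms.
SESSION_TOKEN = "constructed-session-token"


def request_params(environ):
    """Flatten query-string parameters and, for real POSTs, the form body.

    FORM_BODY is a constructed environ key standing in for the request body.
    """
    merged = parse_qs(environ.get("QUERY_STRING", ""))
    if environ["REQUEST_METHOD"] == "POST":
        merged.update(parse_qs(environ.get("FORM_BODY", "")))
    return {key: values[0] for key, values in merged.items()}


def csrf_ok(environ, params):
    """Pre-fix style of check: only a request whose *raw* method is POST
    must carry the session token; anything else passes untouched."""
    if environ["REQUEST_METHOD"] != "POST":
        return True
    return params.get("_authentication_token") == SESSION_TOKEN


def routed_method(environ, params, honour_get_override):
    """Simplified model of a Routes-style `_method` override (not Routes' code).

    With honour_get_override=True the override in a GET query string is
    accepted (the vulnerable behaviour); with False only a POST may rewrite
    its own method, so a GET is always routed as a GET.
    """
    raw = environ["REQUEST_METHOD"]
    override = params.get("_method")
    if override and (raw == "POST" or honour_get_override):
        return override.upper()
    return raw


def dispatch(environ, honour_get_override):
    """Return what the application would do for this request."""
    params = request_params(environ)
    if not csrf_ok(environ, params):
        return "403: CSRF token missing or wrong"
    if routed_method(environ, params, honour_get_override) == "POST":
        # The state-changing action sitting behind a POST-only route.
        return "repository deleted"
    return "page rendered"


# Constructed requests. The attacker controls a URL on a third-party page;
# the victim's browser attaches the session cookie but never sends a POST.
ATTACKER_GET = {"REQUEST_METHOD": "GET",
                "QUERY_STRING": "_method=POST"}
LEGIT_POST = {"REQUEST_METHOD": "POST",
              "QUERY_STRING": "",
              "FORM_BODY": "_authentication_token=" + SESSION_TOKEN}
FORGED_POST = {"REQUEST_METHOD": "POST",
               "QUERY_STRING": "",
               "FORM_BODY": "confirm=1"}

if __name__ == "__main__":
    for label, env in (("attacker GET", ATTACKER_GET),
                       ("legit POST", LEGIT_POST),
                       ("forged POST", FORGED_POST)):
        print(f"{label:12s} vulnerable: {dispatch(env, True):32s} "
              f"fixed: {dispatch(env, False)}")
```

Running it shows the forged POST rejected in both variants, because the token check does fire for real POSTs, while the attacker's GET with `_method=POST` reaches the deletion only when the override is honoured on GET. A second, independent safeguard worth having is to run the CSRF check against the method the router actually dispatches on rather than the raw one, so that any future override path is covered as well.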
Resolution
Søren Løvborg wrote a patch fixing the issue; it is included in release 0.3.2. Users are advised to upgrade as soon as possible.
Affected versions
As far as we know, the issue is present in all previously released Kallithea versions.
References
CVE-2016-3691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3691
Mercurial changeset fixing the issue https://kallithea-scm.org/repos/kallithea/changeset/9b74296e6af624023970d8634e804b76ed2dd2b4