J0K3R

**Nome do software vulnerável e versões afetadas** Versões 2.5.2 a 2.5.3 do wallabag **Descrição** A falha permite que invasores excluam arbitrariamente contas de usuário por meio do endpoint “/account/delete”. Trata-se de uma vulnerabilidade do tipo Cross-Site Request Forgery (CSRF). **Recomendações** Para as versões 2.5.2 a 2.5.3 do wallabag, atualize para a versão 2.5.4 para resolver o problema. Como solução temporária, considere restringir o acesso ao endpoint “/account/delete” até que a atualização seja aplicada.

**Name of the Vulnerable Software and Affected Versions** wallabag versions prior to 2.5.4 **Description** The issue is related to improper authorization in the wallabag GitHub repository. **Recommendations** For versions prior to 2.5.4, update to version 2.5.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** wallabag versions prior to 2.5.4 **Description** The issue is related to Cross-Site Request Forgery (CSRF) in the wallabag GitHub repository. CSRF is a type of attack where an attacker tricks a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions prior to 2.5.4, update to version 2.5.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** wallabag versions prior to 2.5.4 **Description** The issue is related to Cross-site Scripting (XSS) - Stored, which occurs when an application stores user input without proper validation and later displays it, allowing attackers to inject malicious scripts. This can lead to unauthorized actions on behalf of the user. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 2.5.4, update to version 2.5.4 or later to resolve the issue. As a temporary workaround, consider restricting user input validation to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** wallabag versions prior to 2.5.3 **Description** The issue concerns an improper authorization vulnerability in the wallabag GitHub repository. It affects the export feature, which allows users to export entries in various formats, such as PDF, MOBI, or TXT, without proper ownership validation. This is due to a lack of access validation in the `downloadEntryAction` method. For example, a user can export an entry using the endpoint `/export/45.pdf` without being the owner of the entry. The vulnerability can lead to insecure direct object reference attacks, allowing logged-in users to export any single entry without validation. **Recommendations** For versions prior to 2.5.3, update to version 2.5.3 or higher, especially if you have multiple users or open registration. As a temporary workaround, consider blocking requests to the endpoint `/export/*` to limit the risk of exploitation. This can be achieved by configuring your web server, for example, with nginx, using the following configuration: ``` location /export { deny all; } ```

**Name of the Vulnerable Software and Affected Versions** wallabag versions prior to 2.5.3 **Description** The issue concerns improper authorization in the wallabag GitHub repository. Specifically, the annotations feature allows users to add annotations on highlighted parts of an entry. However, the controller does not validate authorization on `PUT` and `DELETE` requests, enabling a logged-in user to modify or delete any annotation using their ID on the endpoint `example.org/annotations/{id}`. This vulnerability also discloses highlighted parts of the entry to the attacker. **Recommendations** For versions prior to 2.5.3, update to version 2.5.3 or higher, especially if you have more than one user and/or open registration. As a temporary workaround, consider restricting access to the annotations feature until the update is applied. Additionally, ensure that user checks are implemented in the vulnerable methods before applying changes to an annotation, and replace the Annotation retrieval through a `ParamConverter` with a call to the `AnnotationRepository` to prevent information disclosure.