Sebastian's Blog

software developer. security enthusiast.

Day: 9 August 2023

XSRF in Benno MailArchiv Web-App (benno-web < 2.10.2) (CVE-2023-38348)

The Benno MailArchiv Web-App (benno-web prior is vulnerable to Cross-Site-Request-Forgery. To exploit the vulnerability the attacker sends a link to a prepared page to a Benno MailArchiv user. The link then is able to trigger actions in the name of the user such as changing the users password (if the user is logged in).