CVE-2022-34134

8.8 HIGH

📋 TL;DR

CVE-2022-34134 is a Cross-Site Request Forgery vulnerability in Benjamin BALET Jorani v1.0 that allows attackers to trick authenticated users into performing unintended actions via the Users.php controller. This affects all users of the vulnerable version who have access to the application. Attackers can exploit this to modify user accounts or perform other administrative actions.

💻 Affected Systems

Products:
  • Benjamin BALET Jorani
Versions: v1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the /application/controllers/Users.php component. Any Jorani installation using the vulnerable version is affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete account takeover, privilege escalation, or unauthorized administrative actions leading to data manipulation or system compromise.

🟠 Likely Case

Unauthorized user account modifications, privilege changes, or data manipulation by tricking administrators into clicking malicious links.

🟢 If Mitigated

Limited impact with proper CSRF protections, session management, and user awareness training in place.

🌐 Internet-Facing: HIGH - Web applications exposed to the internet are prime targets for CSRF attacks via phishing or malicious websites.
🏢 Internal Only: MEDIUM - Internal users could still be targeted via internal phishing or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks typically require user interaction but are straightforward to implement. The vulnerability is well-documented in the GitHub issues and commits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 299b5a3a66add4ac643e3ba78ada4d9637c8baff and later versions

Vendor Advisory: https://github.com/bbalet/jorani/commit/299b5a3a66add4ac643e3ba78ada4d9637c8baff

Restart Required: No

Instructions:

1. Update to the latest Jorani version.
2. Apply the specific commit 299b5a3a66add4ac643e3ba78ada4d9637c8baff if updating the entire version isn't possible.
3. Verify CSRF tokens are properly implemented in all forms.

🔧 Temporary Workarounds

Implement CSRF Protection (applies to: all)

  • Add CSRF tokens to all forms and validate them server-side.
  • Manual code modification required: add CSRF token generation and validation to Users.php and associated views.

Use SameSite Cookies (applies to: all)

  • Configure session cookies with the SameSite=Strict attribute.
  • Set session.cookie_samesite = 'Strict' in the PHP configuration or application settings.
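The two workarounds above combined in one place, as an added illustration rather than Jorani's own code: a per-session CSRF token embedded in the form and checked with a constant-time comparison, with the session cookie issued as SameSite=Strict. The function names (csrf_token, csrf_guard, users_update) are assumptions for illustration, and the cookie settings assume PHP 7.3+ and HTTPS.

```php
<?php
// Added example, not Jorani's code. Shows the pattern the workarounds describe:
// synchronizer token + SameSite=Strict session cookie.

session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,      // assumes the app is served over HTTPS
    'samesite' => 'Strict',  // same effect as session.cookie_samesite = 'Strict'
]);
session_start();

// One unguessable token per session; the form carries it in a hidden field.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Run on every state-changing request, before any account data is touched.
function csrf_guard(): void
{
    $sent     = $_POST['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    if ($expected === '' || !hash_equals($expected, $sent)) {
        // Logging the failure feeds the "Failed CSRF validation attempts" indicator.
        error_log('CSRF validation failed for ' . ($_SERVER['REQUEST_URI'] ?? '?'));
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}

// Hypothetical form handler in the style of a Users controller method.
function users_update(): void
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        // GET: render the form with the hidden token (placeholder fields omitted).
        echo '<form method="post"><input type="hidden" name="csrf_token" value="'
            . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '"></form>';
        return;
    }
    csrf_guard();
    // ... apply the account change only after the token check has passed
}
```

A forged cross-site POST lacks both the session cookie (blocked by SameSite=Strict) and the token value, so either control alone rejects it; together they also cover older browsers that ignore SameSite.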

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF patterns
  • Enforce strict referrer policies and educate users about phishing risks

🔍 How to Verify

Check if Vulnerable:

Check if your Jorani version is v1.0 and examine /application/controllers/Users.php for missing CSRF token validation in form handling methods.

Check Version:

Check Jorani version in application configuration files or via the web interface if available.

Verify Fix Applied:

Verify that CSRF tokens are generated and validated for all form submissions in the Users controller, and check that the commit 299b5a3a66add4ac643e3ba78ada4d9637c8baff is applied.

📡 Detection & Monitoring

Log Indicators:

  • Multiple form submissions without CSRF tokens
  • Unusual user account modifications from unexpected IPs
  • Failed CSRF validation attempts

Network Indicators:

  • HTTP POST requests to /application/controllers/Users.php endpoints without proper referrer headers or CSRF tokens

SIEM Query:

source="web_logs" AND (uri="/application/controllers/Users.php" AND method="POST") AND NOT csrf_token=*
