CVE-2023-5687

8.8 HIGH

📋 TL;DR

This cross-site request forgery (CSRF) vulnerability in mosparo allows an attacker to trick an authenticated user into performing unintended actions on their behalf. It affects all users of mosparo versions prior to 1.0.3 who are logged into the application.

💻 Affected Systems

Products:
  • mosparo
Versions: All versions prior to 1.0.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of mosparo before version 1.0.3 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could perform administrative actions like changing configurations, deleting projects, or modifying user permissions without the victim's knowledge.

🟠

Likely Case

Attackers could manipulate spam filter settings, create/delete projects, or modify user accounts through forged requests.

🟢

If Mitigated

With proper CSRF protections, requests would be rejected unless they include valid anti-CSRF tokens, preventing unauthorized actions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the victim to be authenticated and visit a malicious page while logged into mosparo.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.3

Vendor Advisory: https://github.com/mosparo/mosparo/commit/fb3ac528b7548beb802182310967968a21c1354a

Restart Required: Yes

Instructions:

1. Back up your current installation.
2. Update mosparo to version 1.0.3 or later.
3. Restart the mosparo service.
4. Verify that the update was successful.

🔧 Temporary Workarounds

Implement CSRF Token Validation
Applies to: all
Manually add server-side CSRF token validation to all state-changing endpoints, rejecting any request whose token is missing or invalid.

Use SameSite Cookies
Applies to: all
Configure session cookies with the SameSite=Strict attribute so the browser does not attach them to cross-site requests.
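The two workarounds above, shown as an added example that is not mosparo's own code: a per-session CSRF token checked in constant time on every state-changing request, plus a session cookie carrying SameSite=Strict. The secret key, session ids and origins are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed for this example; a real deployment loads it from configuration.
SECRET_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Derive the token from the session id so a token captured from one
    session cannot be replayed against another."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_request_allowed(method: str, session_id: str, form_token: Optional[str],
                         origin: Optional[str], expected_origin: str) -> bool:
    """Decide whether a request may change state.

    Safe methods pass through. State-changing methods must carry a token that
    matches the session's token (compared in constant time) and, when the
    browser sent an Origin header, that Origin must be our own site.
    """
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True
    if not form_token:
        return False  # a forged cross-site form carries no token at all
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(expected, form_token):
        return False  # token from another session, or tampered with
    if origin is not None and origin != expected_origin:
        return False  # cross-origin submission even if a token leaked
    return True


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for the session. SameSite=Strict makes browsers omit
    the cookie on cross-site requests, which defeats CSRF even on endpoints
    that still lack a token check (browsers that ignore SameSite are not
    protected, so the token check above remains necessary)."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Strict"
```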

🧯 If You Can't Patch

  • Implement web application firewall rules to detect and block CSRF attempts
  • Educate users about the risks of visiting untrusted websites while logged into mosparo

🔍 How to Verify

Check if Vulnerable:

Check the mosparo version; if it is below 1.0.3, the installation is vulnerable.

Check Version:

Check mosparo admin interface or configuration files for version information

Verify Fix Applied:

Verify that the version is 1.0.3 or higher, then test the CSRF protection by submitting a state-changing form without a valid token; the request should be rejected.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed state-changing requests from same IP
  • Requests missing CSRF tokens

Network Indicators:

  • HTTP POST requests to mosparo endpoints without Referer headers or CSRF tokens

SIEM Query:

source="mosparo" AND ((status=403 AND message="CSRF token missing") OR (status=200 AND method=POST AND user_agent contains suspicious))
