Further details on security issues fixed in The Bug Genie 2.1.2

As announced a few days ago, a couple of security flaws were fixed in The Bug Genie 2.1.2. More information on the fixed flaws is now available as Secunia Advisory SA42081.

We would like to thank Russ McRee and Secunia for bringing these issues to our attention.

The first issue was a cross-site scripting (XSS) flaw in scope handling. The scope can be specified manually in the URL, and if the scope was invalid the value entered was echoed back to the user unmodified. That means that if a <script> tag was supplied as the scope ID, it would be possible to execute JavaScript in the context of the error page. This has been fixed by rejecting any scope value that is not a number with a fixed "invalid scope" message, and only echoing the number itself when a numeric scope does not exist.
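The two behaviours described above, side by side, as an added illustration written for this post rather than code from The Bug Genie itself (which is a PHP application; this is a Python stand-in). The scope table, the function names and the error markup are assumptions; the point is that the hardened handler never echoes anything except a value it has already converted to an integer.

```python
import html
import re

# Constructed stand-in for the scope table: the scope IDs that actually exist.
KNOWN_SCOPES = {1, 2}


def scope_error_before(scope_param):
    """Pre-2.1.2 behaviour as described in the post: the raw query value is
    echoed into the error page, so a <script> payload in ?scope= runs in the
    victim's browser."""
    if scope_param not in {str(s) for s in KNOWN_SCOPES}:
        return f"<p>Scope {scope_param} does not exist</p>"
    return "<p>ok</p>"


def scope_error_after(scope_param):
    """Fixed behaviour as described: only a string of ASCII digits is treated
    as a scope ID. Anything else (including a missing value) gets a fixed
    message that never echoes the input; a numeric ID that does not exist is
    echoed only after conversion to int, so no markup can survive."""
    if scope_param is None or not re.fullmatch(r"[0-9]+", scope_param):
        # Note [0-9] rather than \d: \d also matches Unicode digits such as
        # fullwidth '１', which int() accepts but which is not what a URL
        # scope ID should ever be.
        return "<p>Invalid scope</p>"
    scope_id = int(scope_param)
    if scope_id not in KNOWN_SCOPES:
        # int() already guarantees a digits-only value; html.escape is kept
        # as defence in depth should this template ever take other inputs.
        return f"<p>Scope {html.escape(str(scope_id))} does not exist</p>"
    return "<p>ok</p>"


if __name__ == "__main__":
    payload = "<script>alert(1)</script>"
    print("before:", scope_error_before(payload))
    print("after: ", scope_error_after(payload))
    print("after: ", scope_error_after("99"))
```

The test payload is the classic one; what matters for review is that every return path of `scope_error_after` is either a constant string or an integer rendered as text, so there is no path on which attacker-controlled bytes reach the page.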

The second flaw was a cross-site request forgery (CSRF) issue: requests were not verified to have been initiated by The Bug Genie itself. That means that a link to the user delete page could be disguised as an otherwise harmless link, and it would take effect as long as a user with the relevant permissions was logged in when they followed it. All requests that manipulate data now verify that The Bug Genie initiated the request: a unique token, which is also stored in the user's session, must be included in the request, and the submitted token is compared with the one held in the server-side session identified by the session cookie. If the two differ, or the token is missing, the request is discarded.
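The check described above, as an added example written for this post and not The Bug Genie's own code (a Python stand-in for a PHP application). The session is modelled as a dictionary, the session slot name `csrf_token`, the request shape and the `delete_user` handler are all assumptions; what it shows is why a forged link fails: the attacker's page cannot read the token that lives in the victim's session, so it cannot put the right value in the request.

```python
import hmac
import secrets

SESSION_KEY = "csrf_token"  # assumed name of the session slot holding the token


def issue_csrf_token(session):
    """Create the per-session token once and hand it to every form or link
    that can change data. One token per session is the scheme the post
    describes; rotating per request is stricter but breaks multi-tab use."""
    if SESSION_KEY not in session:
        session[SESSION_KEY] = secrets.token_hex(32)  # 256 bits from the OS CSPRNG
    return session[SESSION_KEY]


def csrf_ok(session, submitted):
    """True only if a token is present in both places and they match."""
    expected = session.get(SESSION_KEY)
    if not expected or not submitted:
        return False
    # Constant-time comparison so the check itself does not leak the token.
    return hmac.compare_digest(expected, submitted)


def delete_user(session, request, users):
    """Handler for a data-changing action.  request = {"method": ..., "form": {...}}.
    Returns (status, message) and only mutates `users` when every check passes."""
    if request["method"] != "POST":
        # A disguised <a href> or <img src> is a GET; refusing to act on GET
        # at all closes the "harmless link" vector independently of the token.
        return 405, "state-changing actions must be POSTed"
    if not csrf_ok(session, request["form"].get("csrf_token")):
        return 403, "request was not initiated by this application; discarded"
    uid = request["form"].get("user_id")
    if uid not in users:
        return 404, "no such user"
    users.remove(uid)
    return 200, f"user {uid} deleted"


def forged_request(user_id, guessed_token=None):
    """What a cross-site attacker can construct: the victim's cookie rides
    along automatically, but the form body contains only what the attacker
    knows, and the session token is not among it."""
    form = {"user_id": user_id}
    if guessed_token is not None:
        form["csrf_token"] = guessed_token
    return {"method": "POST", "form": form}


if __name__ == "__main__":
    victim_session = {}
    token = issue_csrf_token(victim_session)  # embedded in the real delete form
    users = {"alice", "bob"}
    print(delete_user(victim_session, forged_request("bob"), users))
    print(delete_user(victim_session, forged_request("bob", "0" * 64), users))
    print(delete_user(victim_session,
                      {"method": "POST", "form": {"user_id": "bob", "csrf_token": token}},
                      users))
```

Two details worth keeping when porting this: the comparison must be constant-time (`hmac.compare_digest` here, `hash_equals` in PHP), and the check has to sit in front of every handler that writes, not only the user delete page that prompted the advisory.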

Both issues are now fixed and included in the latest release, as previously stated.

One thought on “Further details on security issues fixed in The Bug Genie 2.1.2”

  1. Hi to all, how is the whole thing? I think everyone is getting more from this web site, and your views are pleasantly designed for new visitors.
