Description Language: en
Description: An issue was discovered in Enalean Tuleap 9.17. The e-mail address change functionality lacks CSRF mitigation, which allows attackers to abuse it. Through a CSRF attack, an attacker could make a victim change their registered e-mail address on the application, leading to account takeover.
Tuleap mail change CSRF vulnerability leads to account takeover
I've got my first CVE. Here is the POC video.
Thank God for the public disclosure concept 🙂
— Mustafa iran (@Mustafaran) March 5, 2018