Inedo ProGet Insecure Reflection and CSRF Vulnerabilities – Full Disclosure

Posted by Daniel Owens via Fulldisclosure on Apr 26
Inedo ProGet 2024.22 and below are vulnerable to unauthenticated denial of service and information disclosure attacks
(among other things) because the information system directly exposes the C# reflection used during the request-action
mapping process and fails to properly protect certain pathways. These are amplified by cross-site request forgery (CSRF)
vulnerabilities due to the application’s failure to verify the HTTP request method…