Exporting of CSV files needs to sanitize data
Bug #1930471 reported by Robert Lyon
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Mahara | Fix Released | High | Unassigned | |
| 20.04 | Fix Released | High | Unassigned | |
| 20.10 | Fix Released | High | Unassigned | |
| 21.04 | Fix Released | High | Unassigned | |
Bug Description
When we export CSV files, like we do in the reports pages, we don't sanitize the output.
This means that if a person saves data (like their username) beginning with certain characters, e.g. = or +, then when the data is added into a spreadsheet program it will interpret the value as a command.
This allows one to create a malicious string so that they can exploit spreadsheet vulnerabilities.
Though this exploit isn't affecting Mahara itself, it can be the vector of transmission.
It will be best if we sanitize the CSV exports to avoid this.
A suggestion is to add a TAB character before any string that begins with a susceptible character
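The following is an added example illustrating the report's suggestion; it is not Mahara's code and not the fix that was merged. It contrasts an unsanitized CSV export with one that prefixes a TAB to any cell starting with a susceptible character. The report names = and +; the wider trigger set used here (-, @, TAB, CR) is the one generally cited for CSV injection and is an assumption of this example, as are the sample rows.

```python
import csv
import io

# Leading characters that common spreadsheet programs treat as the start of a
# formula. The report names '=' and '+'; '-', '@', TAB and CR are added here as
# the generally cited set (assumption of this example, not from the report).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def sanitize_cell(value):
    """Neutralize one CSV cell so a spreadsheet imports it as text.

    Implements the report's suggestion: prefix a TAB to any string that
    begins with a susceptible character. Non-string cells (ints, None) are
    returned unchanged.
    """
    if not isinstance(value, str):
        return value
    if value.startswith(FORMULA_TRIGGERS):
        return "\t" + value
    return value


def export_csv(rows, sanitize=True):
    """Render rows as CSV text.

    With sanitize=False this reproduces the unsafe export described in the
    report; with the default it applies sanitize_cell to every cell.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    for row in rows:
        writer.writerow([sanitize_cell(c) for c in row] if sanitize else row)
    return buf.getvalue()


def has_formula_cells(csv_text):
    """Check an exported CSV: True if any field still begins with a trigger.

    Useful as a regression check on the export path.
    """
    for row in csv.reader(io.StringIO(csv_text)):
        for field in row:
            if field.startswith(FORMULA_TRIGGERS) and not field.startswith("\t"):
                return True
    return False


# Constructed sample report rows (not real data). The usernames in rows two
# and three are the kind of attacker-chosen value the report describes; the
# formulas are deliberately harmless ones.
SAMPLE_ROWS = [
    ("username", "displayname", "logins"),
    ("alice", "Alice", 12),
    ("=1+1", "Mallory", 3),
    ("-1+3", "Bob", 7),
]

if __name__ == "__main__":
    print("unsafe export:")
    print(export_csv(SAMPLE_ROWS, sanitize=False))
    print("sanitized export:")
    print(export_csv(SAMPLE_ROWS))
```

The leading TAB is invisible in most spreadsheet views but is part of the exported value, so anything that re-imports the file must strip it; a leading single quote is the other common neutralizing prefix and has the same trade-off.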
| Changed in mahara: | |
|---|---|
| status: | Confirmed → In Progress |
| no longer affects: | mahara/21.10 |
| information type: | Private Security → Public Security |
https://reviews.mahara.org/#/c/11819/