uvdesk / community-skeleton

UVdesk Opensource Community Helpdesk Project built for all to make a Full Ticketing Support System along with many more other features.
https://www.uvdesk.com
MIT License

Potential Security vulnerability #417

Closed ranjit-git closed 3 years ago

ranjit-git commented 3 years ago

Hi, @akshaywebkul @papnoisanjeev @piyushwebkul @shubhwebkul

A few security vulnerabilities have been submitted through huntr. Please validate them:
https://huntr.dev/bounties/1-uvdesk/community-skeleton/
https://huntr.dev/bounties/2-uvdesk/community-skeleton/
https://huntr.dev/bounties/3-uvdesk/community-skeleton/
https://huntr.dev/bounties/4-uvdesk/community-skeleton/
https://huntr.dev/bounties/5-uvdesk/community-skeleton/
https://huntr.dev/bounties/6-uvdesk/community-skeleton/
The report is only visible to the repo maintainer and the reporter.

PeopleInside commented 3 years ago

Thank you for reporting this. I really hope the UVdesk team can fix this asap with emergency priority and immediately give instructions to fix and update UVdesk.

It is nice to see someone care about the security of the product, thanks again!

papnoisanjeev commented 3 years ago

@PeopleInside

The issue reported here is not open, and it asks for our account access if we want to check it, which is not acceptable for us; we cannot provide account access to them.

@ranjit-git can report all issues at support@uvdesk.com if you do not want to make security issues public here.

ranjit-git commented 3 years ago

@papnoisanjeev
Report details can be seen only by the repo maintainer, for security reasons. If you are the maintainer, then log in to huntr with your GitHub account and you can see the details and validate them. Other users can't see report details if they are not a repo maintainer.

ranjit-git commented 3 years ago

If you are not interested in signing up there, then I can send you all the reports via the security mail above. Please let me know what you prefer.

papnoisanjeev commented 3 years ago

@ranjit-git

Report details can be seen only by the repo maintainer, for security reasons.

Yes, I do have maintainer access for the project but can't provide account access.

Please send the security mail to support@uvdesk.com; we will check.

ranjit-git commented 3 years ago

@papnoisanjeev I just sent all reports to support@uvdesk.com.

PeopleInside commented 3 years ago

Thank you @ranjit-git @papnoisanjeev. I will monitor the progress of the fix this week; I hope to be able to fix the security issues asap 😉

ranjit-git commented 3 years ago

Hi @PeopleInside @papnoisanjeev, there are still 3 bugs that need to be fixed.

PeopleInside commented 3 years ago

@ranjit-git I know, and I wrote to the UVdesk team in private some days or a week ago.

It seems they are busy with some other work, and I tried to explain that a security vulnerability should be the first priority, because this means every self-hosted install can be vulnerable and makes the server vulnerable.

I really hope this security issue will never stay open for months. 21 days of a strong security issue right now.

jitendra-webkul commented 3 years ago

@papnoisanjeev please fix this issue as soon as possible.

papnoisanjeev commented 3 years ago

@PeopleInside @ranjit-git

We have fixed 3 issues out of 6 here and are working on the others. @Sanjaybhattwebkul is working on the security issues and will update once done.

Sanjaybhattwebkul commented 3 years ago

1. Huntr report https://huntr.dev/bounties/3-uvdesk/community-skeleton/

Fixed here.

2. Bug: unprivileged user can see all ticket details

Already fixed

3. Bug: Stored XSS https://huntr.dev/bounties/6-uvdesk/community-skeleton/

Fixed here.

4. Bug: Stored XSS

Already fixed

5. Bug: Agent can make XSS attack against admin https://huntr.dev/bounties/1-uvdesk/community-skeleton/

Fixed here. Fixed here.

Sanjaybhattwebkul commented 3 years ago

1. Bug: privilege escalation bug to pin a thread

Fixed here.

2. Bug: privilege escalation bug to update customer details

Fixed here.

3. Bug: CSRF bug to add reply to a ticket

Fixed here.

4. Bug: privilege escalation bug to delete collaborator from ticket

Fixed here.

Sanjaybhattwebkul commented 3 years ago

5. Bug: XSS issue via SVG file

Fixed here.

6. Bug: privilege escalation bug to star a customer

Fixed here.

7. Bug: privilege escalation bug to add collaborator to ticket

Already fixed

Sanjaybhattwebkul commented 3 years ago

1. Bug: privilege escalation bug to add collaborator to ticket. Fixed here.

ranjit-git commented 3 years ago

Hello, @Sanjaybhattwebkul
If you have a problem reproducing any bug, then please comment in the provided report link and I will assist you. Thanks

Sanjaybhattwebkul commented 3 years ago

Hello, @ranjit-git
I marked all 8 reports valid via the corresponding report URL (magic link received in mail).

ranjit-git commented 3 years ago

@Sanjaybhattwebkul thanks. But you mistakenly marked this report invalid: https://huntr.dev/bounties/3e695d80-b710-47aa-a66a-5affeb56abef

Sanjaybhattwebkul commented 3 years ago

@ranjit-git I will update it as valid soon.

Sanjaybhattwebkul commented 3 years ago

@ranjit-git I have marked this report as valid.

ranjit-git commented 3 years ago

@Sanjaybhattwebkul @papnoisanjeev A few other security vulnerabilities have been submitted to your other repo https://github.com/uvdesk/core-framework; can you please validate them?

Sanjaybhattwebkul commented 3 years ago

@ranjit-git Can you please tell me which security vulnerability you have submitted in this repo?

ranjit-git commented 3 years ago

@Sanjaybhattwebkul https://huntr.dev/bounties/4bae2d4d-98ae-446d-aac8-44dcd3980b78/

Sanjaybhattwebkul commented 3 years ago

@ranjit-git
Please provide me the open link.

ranjit-git commented 3 years ago

Email address where the open link should be sent?

Sanjaybhattwebkul commented 3 years ago

sanjay.bhatt371@webkul.com

papnoisanjeev commented 3 years ago

@ranjit-git We are closing this issue as all of the security issues mentioned here have been fixed. You can open a new issue if you find some more issues.