This repository was archived by the owner on Jul 4, 2025. It is now read-only.

bug: CSRF vulnerability #2063

@ramonpzg

Description

Cortex version

v1.0.10

Describe the issue and expected behaviour

Summary:

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in cortex.cpp. Although difficult, this flaw can enable requests to bypass CSRF protections, allowing unauthorized state‑changing actions on behalf of a user.

Reproduction Steps:

  • Identify an endpoint in cortex.cpp that performs a privileged action without proper CSRF validation.
  • Construct a proof‑of‑concept HTML form that submits a POST request mimicking a legitimate action. For example:
    <!DOCTYPE html>
    <html>
    <body>
      <form method="POST" action="https://example.com/api/endpoint">
        <input type="hidden" name="action" value="dangerous_action">
        <input type="submit" value="Execute Action">
      </form>
    </body>
    </html>

  • Send the link to a browser in which a user is authenticated, so that the forged request is submitted automatically.

Expected Behavior:

All state‑changing requests should require a valid and unique CSRF token that is associated with the user’s session, preventing unauthorized requests even if the user is authenticated.

Actual Behavior:

The application allows token reuse or omits proper CSRF validation, meaning that a crafted request can trigger unintended changes without proper authorization.

Impact:

Unsanitized CSRF vulnerabilities could allow an attacker to trigger actions such as configuration changes or data modifications. The weakness may result in unauthorized operations taking place, potentially compromising user data and application integrity.

We are working on fixing this issue and will have it ready to ship ASAP.

Steps to Reproduce

No response

Screenshots / Logs

No response

What is your OS?

  • Windows
  • Mac Silicon
  • Mac Intel
  • Linux / Ubuntu

What engine are you running?

  • cortex.llamacpp (default)
  • cortex.tensorrt-llm (Nvidia GPUs)
  • cortex.onnx (NPUs, DirectML)

Hardware Specs eg OS version, GPU

Arch Linux, NVIDIA RTX 2000 Ada Gen
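
The expected behaviour described in the report above, as an added example (not code from the original issue or from cortex.cpp): a per-session, single-use CSRF token check that rejects a forged form POST, a token from another session, and a replayed token. The class `CsrfGuard`, its methods and the session identifiers are hypothetical, and reading `/dev/urandom` assumes a POSIX host.

```cpp
#include <cstddef>
#include <fstream>
#include <stdexcept>
#include <string>
#include <unordered_map>

// Hypothetical per-session CSRF token store; names are illustrative and are
// not part of cortex.cpp. Tokens are bound to a session and are single-use.
class CsrfGuard {
 public:
  // Issue a fresh 128-bit token for one session, replacing any earlier token.
  std::string Issue(const std::string& session_id) {
    unsigned char raw[16];
    std::ifstream rng("/dev/urandom", std::ios::binary);  // assumption: POSIX host
    if (!rng.read(reinterpret_cast<char*>(raw), sizeof raw))
      throw std::runtime_error("no entropy source");
    static const char* hex = "0123456789abcdef";
    std::string token;
    for (unsigned char b : raw) { token += hex[b >> 4]; token += hex[b & 15]; }
    tokens_[session_id] = token;
    return token;
  }

  // Safe methods pass (assumed not to change state). Any other method needs
  // the session's current token, which is consumed on success to block reuse.
  bool Allow(const std::string& method, const std::string& session_id,
             const std::string& presented) {
    if (method == "GET" || method == "HEAD" || method == "OPTIONS") return true;
    auto it = tokens_.find(session_id);
    if (it == tokens_.end() || !ConstantTimeEq(it->second, presented)) return false;
    tokens_.erase(it);
    return true;
  }

 private:
  static bool ConstantTimeEq(const std::string& a, const std::string& b) {
    if (a.size() != b.size()) return false;
    unsigned char diff = 0;
    for (std::size_t i = 0; i < a.size(); ++i) diff |= static_cast<unsigned char>(a[i] ^ b[i]);
    return diff == 0;
  }
  std::unordered_map<std::string, std::string> tokens_;
};

int main() {
  CsrfGuard guard;
  guard.Issue("demo-session");  // constructed session id
  return guard.Allow("POST", "demo-session", "") ? 1 : 0;  // tokenless POST is rejected
}
```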

Metadata

Labels

type: bug (Something isn't working)
