Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #7790 Anti-CSRF token missing in SSH keys edit form and bookmark delete
    Actions
    Infos
    #7790
    Thomas Gerbet (tgerbet)
    2016-11-08 16:40
    2015-01-23 10:39
    7792
    Details
    Anti-CSRF token missing in SSH keys edit form and bookmark delete

    Impact

    These vulnerabilities could be used to add/modify an SSH key of an user or force deletion of a bookmark.

    CVSS2 score: 4 (AV:N/AC:H/Au:N/C:P/I:P/A:N)

    References

    https://cwe.mitre.org/data/definitions/352.html
    https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%2528CSRF%2529

    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2015-04-08
    Attachments
    Empty
    References
    Referencing request #7790

    Artifact Tracker v5

    rel #7968 8.1

    Git commit

    tuleap/tuleap/stable

    Merge commit 'refs/changes/18/3518/3' of ssh://gerrit.tuleap.net:29418/tuleap into stable a01a623dc8
    User avatar Nicolas Terray (nterray) , 2015-04-08 11:06
    request #7790: Add missing anti-CSRF token in SSH keys edit form and bookmarks management 486a28b336
    User avatar Thomas Gerbet (tgerbet) , 2015-04-07 17:27
    Referenced by request #7790

    Other

    gerrit #7790
    Display settings

    Follow-ups

    User avatar
    Nicolas Terray (nterray)2015-04-08 11:12
    Tuleap 8.0.99.18
    • Summary
      -Anti-CSRF token missing in SSH keys edit form, search form and bookmark delete 
      +Anti-CSRF token missing in SSH keys edit form and bookmark delete 
    • Status changed from Under review to Closed
    • Close date set to 2015-04-08
    User avatar
    Thomas Gerbet (tgerbet)2015-04-07 10:58
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes