•  
      request #7790 Anti-CSRF token missing in SSH keys edit form and bookmark delete
    Infos
    #7790
    Thomas Gerbet (tgerbet)
    2016-11-08 16:40
    2015-01-23 10:39
    7792
    Details
    Anti-CSRF token missing in SSH keys edit form and bookmark delete

    Impact

    These vulnerabilities could be used to add/modify an SSH key of an user or force deletion of a bookmark.

    CVSS2 score: 4 (AV:N/AC:H/Au:N/C:P/I:P/A:N)

    References

    https://cwe.mitre.org/data/definitions/352.html
    https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%2528CSRF%2529

    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2015-04-08
    Attachments
    Empty
    References

    Follow-ups

    User avatar
    Tuleap 8.0.99.18

    • Summary
      -Anti-CSRF token missing in SSH keys edit form, search form and bookmark delete 
      +Anti-CSRF token missing in SSH keys edit form and bookmark delete 
    • Status changed from Under review to Closed
    • Close date set to 2015-04-08
    User avatar
    Thomas Gerbet (tgerbet)2015-04-07 10:58
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes