request #4831 CSRF issue

Artifact

Infos

Artifact ID#4831

Submitted bySandra Echinard (sechinard)

Last Modified On2014-02-28 13:50

Submitted on2013-08-22 18:13

Rank5133

Details

Summary *

CSRF issue

Original Submission

This prevents to update values in the following pages:
/account/change_email.php
/account/change_pwd.php

It impacts probably all those which are using CSRFTokenSynchronizer::check().

CategoryOther

Reported in versionEmpty

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toNicolas Terray (nterray)

StatusClosed

Close date2014-02-28

Attachments

Connected artifacts

Artifact links

Empty

Reverse artifact links

Empty

AttachmentsEmpty

References

Cross references

Show items referenced by request #4831

Referenced by request #4831

Artifact Tracker v5

request #6154 Cannot change password upon expiration

Follow-ups

Manuel Vacelet (vaceletm)

2014-02-28 13:50

The issue on /account/change_pw.php has be fixed in 6.11 (see request #6154)

Status changed from Under implementation to Closed
Close date set to 2014-02-28

Sandra Echinard (sechinard)

2013-08-26 12:07

The issue on /account/change_email.php has been fixed in Tuleap 6.4.

Status changed from New to Under implementation
Assigned to changed from None to Nicolas Terray (nterray)

Public

Artifact links

Reverse artifact links

Referenced by request #4831

Artifact Tracker v5

Follow-ups