•  
      request #7785 Vulnerable to clickjacking attack
    Infos
    #7785
    Thomas Gerbet (tgerbet)
    2015-03-04 16:22
    2015-01-21 14:55
    7787
    Details
    Vulnerable to clickjacking attack

    Tuleap is vulnerable to clickjacking attack (aka UI redress attack).

    Impact

    An attacker could trick an user into doing some actions like clicking on a button or filling a form and route informations to another page.
    CVSS2 score : 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

    Exploitation

    A proof of concept is attached. Put the URL you want to test instead of TULEAP_URL.

    References

    https://www.owasp.org/index.php/Clickjacking
    http://seclab.stanford.edu/websec/framebusting/framebust.pdf

    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2015-01-22
    Attachments
    Proof of concept clickjacking
    References

    Follow-ups

    User avatar
    Merged in Tuleap 7.9.99.54

    • Status changed from Under implementation to Closed
    • Close date set to 2015-01-22