Cross Site Request Forgery Vulnerability in OpenCMS 10.5.3 #586
Comments
Any update on the reported issue?

Hi, we are looking into this and will fix the issue with our next maintenance release.

Thanks for the response. I will wait for the updated release. Kindly mention my details in the new release. Name: Sureshbabu Narvaneni

Hi, can I get an exact ETA for this fix?

Hi Team,

Hi @tHerrmann,

Hi Kai,

Oops, the problem is in version 11.x... :/

Hi Team, I would like to report multiple CSRF vulnerabilities in the latest version. mitre.org assigned a new CVE for this vulnerability.
Description:
Cross-site request forgery (CSRF) vulnerability in opencms/system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of unspecified victims for requests that perform privilege escalation.
Steps to Reproduce:
Fix:
Implementing a random token in every state-changing request will mitigate the issue.
Affected Version:
10.5.3 release
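
The fix suggested in the report, a random token required on every state-changing request, can be sketched as follows. This is an added example, not code from the report or from OpenCMS: `CsrfGuard`, its method names and the `csrfToken` attribute name are hypothetical, and the session is modelled as a plain `Map` so the class runs on the JDK alone.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Added example: synchronizer-token check. All names here are hypothetical,
// not OpenCMS classes; a real deployment would hook this into a servlet filter.
public class CsrfGuard {
    static final String SESSION_KEY = "csrfToken";   // assumed session attribute name
    private static final SecureRandom RNG = new SecureRandom();
    private static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD", "OPTIONS");
    // Create the token once per session; every form then carries it as a hidden field.
    static String issueToken(Map<String, Object> session) {
        return (String) session.computeIfAbsent(SESSION_KEY, k -> {
            byte[] raw = new byte[32];               // 256 bits from the CSPRNG
            RNG.nextBytes(raw);
            return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        });
    }

    // True only if the request may proceed: safe method, or token present and matching.
    static boolean isAllowed(String method, Map<String, Object> session, String submitted) {
        if (SAFE_METHODS.contains(method.toUpperCase(Locale.ROOT))) {
            return true;                             // handlers for these must not change state
        }
        Object expected = session.get(SESSION_KEY);
        if (!(expected instanceof String) || submitted == null) {
            return false;                            // no token issued, or none sent
        }
        // Constant-time comparison avoids leaking the token through timing.
        return MessageDigest.isEqual(
                ((String) expected).getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();   // constructed sample session
        String token = issueToken(session);
        // A cross-site form post carries the session cookie but cannot know the token.
        System.out.println("POST, no token:    " + isAllowed("POST", session, null));
        System.out.println("POST, wrong token: " + isAllowed("POST", session, "guess"));
        System.out.println("POST, valid token: " + isAllowed("POST", session, token));
        System.out.println("GET,  no token:    " + isAllowed("GET", session, null));
    }
}
```

The check only helps if role changes and other state-changing actions are rejected when sent with a safe method such as GET, since those requests bypass the token comparison.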