Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[security] Cross-Site Request Forgery (CSRF) #1785

Open
Dimfacion opened this issue Oct 30, 2024 · 0 comments
Open

[security] Cross-Site Request Forgery (CSRF) #1785

Dimfacion opened this issue Oct 30, 2024 · 0 comments
Labels
bug use for describing something not working as expected security use to identify issue related to security
Milestone
Bugs backlog

Comments

@Dimfacion
Copy link
Member

Description

CSRF protection is disabled by csrf. This allows the attackers to execute requests on a user's behalf.

openbas-api/src/main/java/io/openbas/config/AppSecurityConfig.java:105
@Dimfacion Dimfacion added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team security use to identify issue related to security and removed needs triage use to identify issue needing triage from Filigran Product team labels Oct 30, 2024
@EllynBsc EllynBsc added this to the Bugs backlog milestone Oct 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug use for describing something not working as expected security use to identify issue related to security
Projects
None yet
Milestone
Bugs backlog
Development

No branches or pull requests
2 participants
@Dimfacion @EllynBsc