Werk #6619: Fixed missing CSRF protection for master control AJAX calls
Component | User interface |
Title | Fixed missing CSRF protection for master control AJAX calls |
Date | Sep 17, 2018 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk Version | 1.4.0p36, 1.5.0p5, 1.6.0b1 |
Level | Trivial Change |
Class | Security Fix |
Compatibility | Compatible - no manual interaction needed |
The AJAX calls used by the master control snapin did not correctly use CSRF tokens, leaving logged-in users unprotected against malicious links that could trigger actions.
CMK-963