Werk #6618: Fixed missing CSRF protection for host diagnostic AJAX calls
Komponente | Setup | ||||||
Titel | Fixed missing CSRF protection for host diagnostic AJAX calls | ||||||
Datum | 17.09.2018 | ||||||
Level | Kleine Änderung | ||||||
Klasse | Sicherheitsfix | ||||||
Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen | ||||||
Checkmk versions & editions |
|
The AJAX calls used by the host diagnostic page were not correctly using CSRF tokens to protect logged in users against malicious links that could trigger actions.