Werk #6619: Fixed missing CSRF protection for master control AJAX calls

Komponente User interface
Titel Fixed missing CSRF protection for master control AJAX calls
Datum 17.09.2018
Checkmk Edition Checkmk Raw (CRE)
Checkmk-Version 1.4.0p36 1.5.0p5 1.6.0b1
Level Kleine Änderung
Klasse Sicherheitsfix
Kompatibilität Kompatibel - benötigt kein manuelles Eingreifen

The AJAX calls used by the master control snapin were not correctly using CSRF tokens to protect logged in users against malicious links that could trigger actions.

CMK-963

Zur Liste aller Werks