Werk #6619: Fixed missing CSRF protection for master control AJAX calls
Component | User interface |
Title | Fixed missing CSRF protection for master control AJAX calls |
Date | 17.09.2018 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk version | 1.4.0p36 1.5.0p5 1.6.0b1 |
Level | Minor change |
Class | Security fix |
Compatibility | Compatible - no manual intervention required |
The AJAX calls used by the master control snapin did not correctly use CSRF tokens, leaving logged-in users unprotected against malicious links that could trigger actions.
CMK-963