Werk #6618: Fixed missing CSRF protection for host diagnostic AJAX calls
Component | Setup | ||||||
Title | Fixed missing CSRF protection for host diagnostic AJAX calls | ||||||
Date | Sep 17, 2018 | ||||||
Level | Trivial Change | ||||||
Class | Security Fix | ||||||
Compatibility | Compatible - no manual interaction needed | ||||||
Checkmk versions & editions |
|
The AJAX calls used by the host diagnostic page were not correctly using CSRF tokens to protect logged in users against malicious links that could trigger actions.