Werk #6619: Fixed missing CSRF protection for master control AJAX calls
Component | User interface | ||||||
Title | Fixed missing CSRF protection for master control AJAX calls | ||||||
Date | Sep 17, 2018 | ||||||
Level | Trivial Change | ||||||
Class | Security Fix | ||||||
Compatibility | Compatible - no manual interaction needed | ||||||
Checkmk versions & editions |
|
The AJAX calls used by the master control snapin were not correctly using CSRF tokens to protect logged in users against malicious links that could trigger actions.
CMK-963