Werk #6620: Fixed missing CSRF protection for site status AJAX calls
Component | User interface | ||||||
Title | Fixed missing CSRF protection for site status AJAX calls | ||||||
Date | Sep 17, 2018 | ||||||
Level | Trivial Change | ||||||
Class | Security Fix | ||||||
Compatibility | Compatible - no manual interaction needed | ||||||
Checkmk versions & editions |
|
The AJAX calls used by the site status snapin were not correctly using CSRF tokens to protect logged in users against malicious links that could trigger actions.