Bug #6999
closed
CVE-2014-3590 - User logout susceptible to CSRF attack
Description
I have created a page on a completely different machine with:
- cat /var/www/html/pub/aaa.html
<html>
<body>
<img src='https://foreman.example.com/users/logout'/>
</body>
</html>
and once I loaded it, I was logged off from the web UI.
Reported by Jan Hutař of Red Hat.
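An added example (not part of the original report and not Foreman's code) modelling the server side of this issue in plain Ruby: a logout handler that acts on any request, which is what the image-tag page above relies on, next to one that requires a non-GET method and a per-session token. The `Session` struct, the handler names and the use of the Rails-style `authenticity_token` parameter are assumptions for illustration.

```ruby
require 'securerandom'

# Constructed stand-in for a web session; not Foreman's session code.
Session = Struct.new(:user, :csrf_token)

def new_session(user)
  Session.new(user, SecureRandom.hex(32))
end

# Compare two strings without returning early on the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Behaviour described in the report: any request to the logout URL ends
# the session, so a cross-site image load (a GET carrying the victim's
# cookie and nothing else) is enough to log the user out.
def logout_unprotected(session, verb:, params: {})
  session.user = nil
  :logged_out
end

# Hardened variant: logout changes state, so refuse GET and require the
# per-session token, which a page on another origin cannot read or guess.
def logout_protected(session, verb:, params: {})
  return :method_not_allowed unless %w[POST DELETE].include?(verb)
  sent = params['authenticity_token'].to_s
  return :forbidden unless secure_compare(sent, session.csrf_token)
  session.user = nil
  :logged_out
end

if __FILE__ == $PROGRAM_NAME
  s = new_session('admin')
  # Constructed requests: the image load, then the site's own logout form.
  puts "unprotected, GET:     #{logout_unprotected(new_session('admin'), verb: 'GET')}"
  puts "protected, GET:       #{logout_protected(s, verb: 'GET')}"
  puts "protected, bad token: #{logout_protected(s, verb: 'POST', params: { 'authenticity_token' => 'guess' })}"
  puts "protected, own form:  #{logout_protected(s, verb: 'POST', params: { 'authenticity_token' => s.csrf_token })}"
end
```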
Updated by Dominic Cleal over 10 years ago
- Subject changed from User logout susceptible to CSRF attack to CVE-2014-3590 - User logout susceptible to CSRF attack
Updated by Dominic Cleal over 10 years ago
- Release changed from 20 to 22
Updated by Daniel Lobato Garcia over 10 years ago
- Assignee changed from Shlomi Zadok to Daniel Lobato Garcia
Updated by The Foreman Bot over 10 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/1738 added
- Pull request deleted ()
Updated by Daniel Lobato Garcia over 10 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Updated by Dominic Cleal over 10 years ago
- Related to Bug #7736: Change to prevent unauthenticated requests for CSRF modified login behaviour as well added
Updated by Marek Hulán over 10 years ago
- Related to Bug #7737: Change for issue 6999 broke logout for PAM-based (intercept) authentication added