Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0041748 | Openbravo ERP | A. Platform | public | 2019-09-04 12:42 | 2019-09-26 15:10 |
|
| Reporter | cberner | |
| Assigned To | cberner | |
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | | |
| Target Version | | Fixed in Version | 3.0PR19Q4 | |
| Merge Request Status | |
| Review Assigned To | AugustoMauch |
| OBNetwork customer | No |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0041748: DeleteImageActionHandler is vulnerable to CSRF attacks |
| Description | DeleteImageActionHandler is not protected against CSRF attacks |
| Steps To Reproduce | - |
| Proposed Solution | Extract code corresponding to CSRF token validation from DataSourceServlet to a utility class. Add CSRF token validation to DeleteImageActionHandler and to the call function. |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | related to | defect | 0034491 | acknowledged | Triage Platform Base | Review access for DeleteImageActionHandler class |
| | related to | feature request | 0039123 | closed | jarmendariz | Add CSRF Token support |
|
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2019-09-04 12:42 | cberner | New Issue | |
| 2019-09-04 12:42 | cberner | Assigned To | => platform |
| 2019-09-04 12:42 | cberner | OBNetwork customer | => No |
| 2019-09-04 12:42 | cberner | Modules | => Core |
| 2019-09-04 12:42 | cberner | Triggers an Emergency Pack | => No |
| 2019-09-04 12:42 | cberner | Assigned To | platform => cberner |
| 2019-09-04 12:42 | cberner | Status | new => scheduled |
| 2019-09-04 12:43 | cberner | Review Assigned To | => AugustoMauch |
| 2019-09-04 12:43 | cberner | Relationship added | related to 0034491 |
| 2019-09-04 12:43 | cberner | Relationship added | related to 0039123 |
| 2019-09-20 10:13 | AugustoMauch | Description Updated | bug_revision_view_page.php?rev_id=19391#r19391 |
| 2019-09-26 09:47 | hgbot | Checkin | |
| 2019-09-26 09:47 | hgbot | Note Added: 0114797 | |
| 2019-09-26 09:47 | hgbot | Status | scheduled => resolved |
| 2019-09-26 09:47 | hgbot | Resolution | open => fixed |
| 2019-09-26 09:47 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/abbc789f0146476b5566216f591839f08cb65c5c |
| 2019-09-26 09:47 | AugustoMauch | Note Added: 0114798 | |
| 2019-09-26 09:47 | AugustoMauch | Status | resolved => closed |
| 2019-09-26 09:47 | AugustoMauch | Fixed in Version | => 3.0PR19Q4 |
| 2019-09-26 15:10 | hudsonbot | Checkin | |
| 2019-09-26 15:10 | hudsonbot | Note Added: 0114811 | |