[ZBX-19150] Review all controller actions for SID validation (CVE-2021-27927) - ZABBIX SUPPORT

XML

Word

Printable

Details

Type: Defect (Security)
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.0.30rc1, 5.0.10rc1, 5.2.6rc1, 5.4.0beta2, 5.4 (plan)
Component/s: Frontend (F)
Labels:
- security

Team:
Team D
Sprint:
Sprint 74 (Mar 2021)
Story Points:
2

Description

Please review and update all controller actions and non-MVC pages for CSRF token (SID) validation

Attachments

Issue Links

caused by

ZBXNEXT-6294 Replace all mass-update pages with popup windows

Closed

part of

ZBX-18942 CControllerAuthenticationUpdate controller is not protected by a CSRF token (CVE-2021-27927)

Closed

mentioned in: Page Loading...; Page Loading...

Activity

People

Assignee:: Roberts Lataria

Reporter:: Rostislav Palivoda

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 2021 Mar 04 09:40

Updated:: 2021 Apr 06 10:10

Resolved:: 2021 Mar 26 15:31