Loading...

Log In
Closed

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 3.6.0
Affects Version/s: None
Component/s: Security - Other
Labels:

As pointed out in ~~STASH-5335~~, the
TemporaryAvatarController.save resource is vulnerable to CSRF. Currently there appears to be no impact of it being vulnerable except for making a user upload a temporary avatar file (which are periodically deleted).

relates to

BSERV-5335 User avatar upload endpoint is vulnerable to XSRF

Closed

Is related to: SCT-1985 Loading...

mentioned in: Page Loading...; Page Loading...

Assignee:: Marcin (Inactive)
Reporter:: David Black
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: 07/Oct/2014 1:32 AM
Updated:: 16/Feb/2017 2:07 AM
Resolved:: 06/Jan/2015 4:59 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates