Details
- Bug
- Resolution: Fixed
- Low
- None
Description
As pointed out in STASH-5335, the TemporaryAvatarController.save resource is vulnerable to CSRF. Currently there appears to be no impact from the vulnerability other than making a user upload a temporary avatar file (such files are periodically deleted).
Issue Links
- relates to: BSERV-5335 User avatar upload endpoint is vulnerable to XSRF (Closed)
- is related to: SCT-1985