Logout page vulnerable to CSRF

Bug #1298790 reported by Julian Edwards on 2014-03-28
Affects  Status  Importance  Assigned to    Milestone
MAAS             High        Raphaël Badin
1.2              High        Raphaël Badin
1.5              High        Raphaël Badin

Bug Description

The logout page can be accessed by browsing to /MAAS/accounts/logout/. This has no protection
against cross-site request forgery attacks, so remote attackers may be able to cause annoyance by
forcing users to log out of the application.
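
The issue described above, shown next to one common mitigation pattern. This is an added example, not MAAS code and not the fix that was committed for this bug; `SessionStore`, its methods and the `csrf_token` form field are hypothetical names, and only the logout path is taken from the report.

```python
import hmac
import secrets

LOGOUT_PATH = "/MAAS/accounts/logout/"  # path taken from the bug report


class SessionStore:
    """Constructed in-memory session table: session id -> CSRF token."""

    def __init__(self):
        self._sessions = {}

    def login(self):
        sid, token = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        self._sessions[sid] = token
        return sid, token

    def is_logged_in(self, sid):
        return sid in self._sessions

    def logout_unprotected(self, method, path, cookie_sid, form=None):
        """Behaviour described in the report: any request that carries the
        session cookie ends the session, whatever its method or origin."""
        if path == LOGOUT_PATH and cookie_sid in self._sessions:
            del self._sessions[cookie_sid]
            return 302
        return 404

    def logout_protected(self, method, path, cookie_sid, form=None):
        """Hardened: the session ends only on POST with the session's token."""
        if path != LOGOUT_PATH or cookie_sid not in self._sessions:
            return 404
        if method != "POST":
            return 405  # GET/HEAD must not change state
        supplied = (form or {}).get("csrf_token", "")
        expected = self._sessions[cookie_sid]
        # Constant-time comparison; another site cannot read this token,
        # so a forged request arrives with the cookie but without it.
        if not hmac.compare_digest(supplied.encode(), expected.encode()):
            return 403
        del self._sessions[cookie_sid]
        return 302
```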

Raphaël Badin (rvb) on 2014-03-28
Changed in maas:
assignee: nobody → Raphaël Badin (rvb)
status: Triaged → In Progress
Raphaël Badin (rvb) on 2014-04-02
Changed in maas:
status: In Progress → Fix Committed
Raphaël Badin (rvb) on 2014-04-02
Changed in maas:
milestone: none → 14.04
milestone: 14.04 → 14.10
Changed in maas:
status: Fix Committed → Fix Released
milestone: 14.10 → none
information type: Private Security → Public Security