  1. OFBiz
  2. OFBIZ-11425

Test "POC for CSRF Token" (CVE-2019-12425)

Details

    • Test
    • Status: Closed
    • Major
    • Resolution: Fixed
    • Release Branch 18.12, Release Branch 17.12, Trunk
    • None
    • ALL APPLICATIONS
    • None

    Description

      Hi All,

      This "test" Jira is to ask for your help to review and test the work done in OFBIZ-11306. We have done all we possibly could, and now help is welcome. If you are experienced with penetration tools, please use them.

      You can find the branch to use in
      https://github.com/JacquesLeRoux/ofbiz-framework/tree/POC-for-CSRF-Token-OFBIZ-11306
      https://github.com/JacquesLeRoux/ofbiz-plugins/tree/POC-for-CSRF-Token-OFBIZ-11306.

      It's ready to merge in OFBiz trunk but we will not create a PR before being reassured that we (James and I) did not miss any issues, like links without "csrf" token, or regressions introduced by the effort.

      TIA

            People

              jleroux Jacques Le Roux
              jleroux Jacques Le Roux