Missing CSRF checks

Moderate
trasher published GHSA-hw28-c7px-xqm5 Dec 16, 2021

Package

Galette core (PHP)

Affected versions

< 0.9.6

Patched versions

0.9.6

Description

Impact

There are no CSRF checks in Galette. This affects all versions prior to 0.9.6.

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker’s choosing.
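The kind of check whose absence the advisory describes, as an added example in PHP (Galette's language): a synchronizer-token pattern that issues a per-session token, embeds it in forms, and rejects state-changing requests that do not carry it. This is not Galette's own code; the session key, field name and function names are hypothetical.

```php
<?php
// Added example, not Galette's own code: synchronizer-token CSRF protection for a
// PHP form handler. The session key, field name and function names are hypothetical.
declare(strict_types=1);
session_start();

const CSRF_SESSION_KEY = 'csrf_token';  // hypothetical session key
const CSRF_FIELD       = '_csrf';       // hypothetical hidden form field

// Issue one unpredictable token per session. A third-party page cannot read it,
// so a forged cross-site request cannot include it.
function csrfToken(): string
{
    if (empty($_SESSION[CSRF_SESSION_KEY])) {
        $_SESSION[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $_SESSION[CSRF_SESSION_KEY];
}

// Hidden field to embed in every form that performs a state change.
function csrfField(): string
{
    return '<input type="hidden" name="' . CSRF_FIELD . '" value="'
        . htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8') . '">';
}

// True only when the submitted token matches the session token;
// hash_equals() compares in constant time.
function csrfTokenIsValid(array $post): bool
{
    $expected  = $_SESSION[CSRF_SESSION_KEY] ?? '';
    $submitted = $post[CSRF_FIELD] ?? '';
    return $expected !== '' && is_string($submitted)
        && hash_equals($expected, $submitted);
}

// Gate every POST on the check before any action runs; a request forged from
// another site carries the victim's session cookie but no valid token.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrfTokenIsValid($_POST)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    echo 'Member record updated';  // the protected action would run here
    exit;
}

// GET: render the form with the token embedded.
echo '<form method="post">' . csrfField()
   . '<input type="text" name="member_name"><button type="submit">Save</button></form>';
```

Setting the session cookie with `SameSite=Lax` or `Strict` is a complementary browser-side defence, but the server-side token check is what closes the gap for every client.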

Patches

Upgrade to 0.9.6. No workaround is available.

Severity

Moderate

CVE ID

CVE-2021-41260
