cc3a1db Check the HTTP Referer header on all requests

1 file. Authored by frenaud 4 months ago, committed by antorres 4 months ago.
    Check the HTTP Referer header on all requests
    
    The referer was only checked in WSGIExecutioner classes:
    
     - jsonserver
     - KerberosWSGIExecutioner
     - xmlserver
     - jsonserver_kerb
    
    This left /i18n_messages, /session/login_kerberos,
    /session/login_x509, /session/login_password,
    /session/change_password and /session/sync_token unprotected
    against CSRF attacks.
    
    CVE-2023-5455
    
    Signed-off-by: Rob Crittenden <rcritten@redhat.com>
    (cherry picked from commit 2e0d7d94a4bce0c5abc4b6d08a48a9451deb1c11)
    
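The fix the commit describes is to apply the Referer check to every request rather than only to the RPC executioner classes. The following is an added example, not FreeIPA's own code: a small WSGI middleware that performs such a check in front of an entire application, so that endpoints like `/session/login_password` or `/session/sync_token` cannot be reached by a cross-site POST without a matching Referer. The allowed origin `https://ipa.example.test`, the middleware name and the request driver are assumptions made for the example.

```python
"""Added example (not FreeIPA's code): enforce an HTTP Referer check on every
request at the WSGI layer, as a defence against cross-site request forgery."""
from urllib.parse import urlsplit

# Hypothetical deployment value; a real server takes this from its configuration.
ALLOWED_ORIGIN = "https://ipa.example.test"


def referer_allowed(referer, allowed_origin=ALLOWED_ORIGIN):
    """Return True only if a Referer is present and its scheme and host match
    the server's own origin. A missing header is treated as a failure, which is
    the strict choice the commit message implies (nothing is left unprotected)."""
    if not referer:
        return False
    given = urlsplit(referer)
    allowed = urlsplit(allowed_origin)
    return (given.scheme == allowed.scheme
            and given.netloc.lower() == allowed.netloc.lower())


class RefererCheck:
    """WSGI middleware: reject any request whose Referer is missing or foreign.
    Because it wraps the whole application, no individual endpoint can be
    forgotten the way the commit describes."""

    def __init__(self, app, allowed_origin=ALLOWED_ORIGIN):
        self.app = app
        self.allowed_origin = allowed_origin

    def __call__(self, environ, start_response):
        referer = environ.get("HTTP_REFERER")
        if not referer_allowed(referer, self.allowed_origin):
            body = b"Missing or invalid HTTP Referer header\n"
            start_response("400 Bad Request", [
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return self.app(environ, start_response)


def protected_app(environ, start_response):
    """Stand-in for the real application behind the middleware."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def run_request(app, path, referer=None):
    """Drive a WSGI app with a constructed environ; return (status, body).
    Used here instead of a real server so the example runs offline."""
    environ = {
        "REQUEST_METHOD": "POST",
        "PATH_INFO": path,
        "wsgi.url_scheme": "https",
    }
    if referer is not None:
        environ["HTTP_REFERER"] = referer
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], body


app = RefererCheck(protected_app)

if __name__ == "__main__":
    # Same-origin request from the web UI is allowed.
    print(run_request(app, "/session/login_password",
                      referer="https://ipa.example.test/ipa/ui/"))
    # A request with no Referer, or one from another site, is rejected.
    print(run_request(app, "/session/sync_token"))
    print(run_request(app, "/session/sync_token",
                      referer="https://attacker.example.net/"))
```

Two caveats a deployer should keep in mind: browsers can omit the Referer (privacy extensions, a strict `Referrer-Policy`), so the strict "missing means reject" rule may turn away legitimate clients and must be deliberate; and the comparison is on scheme and host only, so a check that instead does a plain string prefix match should take care that `https://ipa.example.test.attacker.example` does not pass.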
1 file modified: +31 -3