Snippets Groups Projects

GitLab now enforces expiry dates on tokens that originally had no set expiration date. Those tokens were given an expiration date of one year later. Please review your personal access tokens, project access tokens, and group access tokens to ensure you are aware of upcoming expirations. Administrators of GitLab can find more information on how to identify and mitigate interruption in our documentation.

#5 - Webtune App - CSRF - CSRF Song Deletion

I am not sure if DELETE method is CSRF-able or not. A stackoverflow thread says it is possible. So, I guess this one can be considered as Vulnerability since the songs' id are enumerable and if an admin fell into a trap then the attacker could just delete the whole songs database.

Edited 1 year ago

Child items

0

Show labels

No child items are currently assigned. Use child items to break down this issue into smaller parts.

Activity

Dimas Muzaki changed the description 1 year ago

changed the description
Dimas Muzaki @maspaitujaki · 1 year ago

Author Owner

Implementing CSRF token may not feasible for now, so i just use same site flag on session cookie to reduce the threat. #ff964085

Please register or sign in to reply

Labels

None

Milestone

None

Due date

None

Confidentiality

Not confidential

0 Participants