  1. Camunda Optimize
  2. OPT-2105

Protect Optimize from CSRF attacks

Details

    Description

      • given:
        • I log in to Optimize
      • when:
        • In another tab I click on a link that contains a forged request to Optimize, which would perform an action that I don't want to perform, e.g. deleting a report.
      • then:
        • the forged request is not being executed
      • such that:
        • Optimize only performs actions that I authorized it to do and attackers can't force me to execute unwanted actions

      AT:

      • Optimize is protected against CSRF attacks
      • There is a security notice informing users that Optimize 2.5 contains a protection mechanism against CSRF attacks

              People

                Unassigned Unassigned
                felix.mueller Felix Mueller