Branch: refs/heads/1.6.0
Home:
https://github.com/tribe29/checkmk
Commit: 3edd587dbed6fecebeb17220cca559d27fdb57dd
https://github.com/tribe29/checkmk/commit/3edd587dbed6fecebeb17220cca559d27…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2020-07-03 (Fri, 03 Jul 2020)
Changed paths:
A .werks/11085
M cmk/gui/wato/pages/icons.py
Log Message:
-----------
11085 SEC Icon upload: Add missing transaction validation
The transaction IDs (CSRF tokens) were not validated while processing the upload of
icons.
This alone is not a security hole, rather a lack of validation of this call.
Change-Id: Ie014ca7f6714cdbdf58cadf4939c8bd0e4d909f8