[//]: # (werk v2)
# Fix Various CSRF Issues
key | value
---------- | ---
date | 2024-06-21T08:32:14+00:00
version | 2.4.0b1
class | security
edition | cre
component | wato
level | 1
compatible | yes
This Werk adds priviously missing CSRF-Token validation to various endpoints in WATO.
The lack of CSRF-Token validation could allow an attacker to perform actions on behalf of
a user without their consent, by tricking the user into visiting clicking on a malicious
link.
This vulnerability was identified during a commissioned penetration test conducted by PS
Positive Security GmbH.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High
(`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`) and assigned `CVE-2024-28828`.