CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

bookstack is vulnerable to Cross-Site Request Forgery (CSRF)

Permalink

Browse files

Prevented auto-login from direct email confirmation actions

Was done for convenience but could potentially be exploited by an
attacker using signing up via one of these routes, then forwarding
an email confirmation to another user so they unknowingly utilise
an account someone else controls.

Tweaks the flow of confirming email, and the user invite flow.

For #3050

*   Loading branch information

Showing with **9 additions** and **14 deletions**.

1.  +1 −2 app/Http/Controllers/Auth/ConfirmEmailController.php
2.  +3 −7 app/Http/Controllers/Auth/UserInviteController.php
3.  +2 −2 resources/lang/en/auth.php
4.  +2 −2 tests/Auth/AuthTest.php
5.  +1 −1 tests/Auth/UserInviteTest.php

Headline

CVE-2021-3944: Prevented auto-login from direct email confirmation actions · BookStackApp/BookStack@88e6f93

CVE: Latest News