MidPoint project, issue MID-5216

Clickjacking on all instances of midPoint


Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.7, 3.8, 3.9
    • Fix Version/s: 4.0
    • Component/s: None
    • Internal
    • M3

    Description

      A clickjacking vulnerability was identified because the web server does not send an 'X-Frame-Options' header, so midPoint pages can be embedded in a frame on an attacker-controlled site. A victim can be tricked into unknowingly initiating actions, for example but not limited to:

      • Enabling/Disabling User.
      • Enabling/Disabling Services, etc.


      Reported by Yash Sodha (yashrs) through the FOSSA2 bug bounty program.
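As an added example (not midPoint's own code), the following check inspects a raw HTTP response for the protection this report says is missing, treating a CSP frame-ancestors directive as the modern equivalent and reporting the edge cases a scanner should not accept (duplicate or conflicting headers, the obsolete ALLOW-FROM token, an allow-list that needs review). The sample responses are constructed, not captured from a midPoint instance.

```python
# Added example for the MID-5216 report, not midPoint's own code: check raw HTTP
# response headers for framing protection. Sample responses below are constructed.


def parse_headers(raw: str) -> dict[str, list[str]]:
    """Map lowercased header names to their values; repeated headers are kept."""
    headers: dict[str, list[str]] = {}
    for line in raw.splitlines():
        if line.startswith("HTTP/") or ":" not in line:
            continue  # status line, blank separator, or body text
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def check_framing_protection(raw: str) -> tuple[bool, str]:
    """Return (protected, reason) for one response.

    CSP frame-ancestors is evaluated first because browsers that support it
    ignore X-Frame-Options; otherwise exactly one X-Frame-Options header with
    DENY or SAMEORIGIN is required. Anything else is reported as unprotected.
    """
    headers = parse_headers(raw)
    for csp in headers.get("content-security-policy", []):
        for directive in csp.split(";"):
            parts = directive.strip().split()
            if parts and parts[0].lower() == "frame-ancestors":
                sources = [p.lower() for p in parts[1:]]
                if sources in (["'none'"], ["'self'"]):
                    return True, f"CSP frame-ancestors {sources[0]}"
                return False, "CSP frame-ancestors allow-list needs review: " + " ".join(parts[1:])
    xfo = [v.upper() for v in headers.get("x-frame-options", [])]
    if not xfo:
        return False, "no X-Frame-Options and no CSP frame-ancestors (the MID-5216 condition)"
    if len(set(xfo)) > 1:
        return False, "conflicting X-Frame-Options values: " + ", ".join(xfo)
    if xfo[0] in ("DENY", "SAMEORIGIN"):
        return True, f"X-Frame-Options {xfo[0]}"
    # ALLOW-FROM is obsolete and unsupported by current browsers; any other
    # token is invalid, and browsers ignore an invalid header entirely.
    return False, f"X-Frame-Options value not enforced by browsers: {xfo[0]}"


# Constructed samples: an unprotected response like the one reported, plus two fixed variants.
VULNERABLE_RESPONSE = "HTTP/1.1 200 OK\r\nContent-Type: text/html;charset=UTF-8\r\n\r\n"
FIXED_XFO_RESPONSE = VULNERABLE_RESPONSE.replace("\r\n\r\n", "\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n")
FIXED_CSP_RESPONSE = VULNERABLE_RESPONSE.replace(
    "\r\n\r\n", "\r\nContent-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n\r\n"
)
```

Running `check_framing_protection` over the three samples returns the unprotected verdict for the first and a protected verdict naming the effective mechanism for the other two.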

      People

        Radovan Semancik (semancik)