Hello,
sorry to bother you again. The security team has raised the following concern;
please guide me in fixing it:
===============
In Koha version 24.05, CSRF tokens are not being validated during
insert or update operations (e.g., creating a new patron). Even when the
CSRF token is removed or invalid, Koha still processes the request and
creates the new patron.
Koha Version: 24.05
Steps to Reproduce:
Navigate to the patron creation form in Koha.
Remove the CSRF token from the input and meta tags.
Submit the form to create a new patron.
The new patron is created successfully, despite the missing or
invalid CSRF token.
Koha v24.05 does not validate CSRF tokens correctly, potentially
exposing the system to CSRF attacks.
=================
Regards,
Vikram
_______________________________________________
Koha mailing list http://koha-community.org
Koha@lists.katipo.co.nz
Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
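The reproduction steps above amount to a three-way check: submit the patron form with the issued token, with no token, and with a forged token, and see which submissions the server accepts. Below is an added example of that check as a small probe script, together with a minimal reference handler that shows what correct validation looks like (session-bound HMAC token, constant-time comparison, reject on absence). This is illustrative code written for this page, not Koha's Perl implementation; the /patron/new path, the `session` cookie name, the `csrf_token` field name and the `surname` field are hypothetical stand-ins. Python is used so the whole thing runs stand-alone against an in-process server; point `probe()` at a real instance only with authorisation, and expect its session and form details to differ.

```python
"""CSRF enforcement probe plus a minimal reference handler (added example, not Koha code)."""
import hashlib
import hmac
import secrets
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Optional

SECRET = secrets.token_bytes(32)  # per-deployment server secret (hypothetical)
SESSIONS = {}                      # session id -> list of "created" patrons (in-memory stand-in)


def make_token(session_id: str) -> str:
    """Token = nonce.HMAC(secret, session_id:nonce); binding to the session id means a
    token issued to one session is useless when replayed in another."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def check_token(session_id: str, token: Optional[str]) -> bool:
    """Missing or malformed tokens fail closed; otherwise recompute the MAC for this
    session and compare in constant time."""
    if not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


class PatronHandler(BaseHTTPRequestHandler):
    enforce_csrf = True  # set False to mimic the behaviour described in the report

    def log_message(self, *args):  # keep the demo quiet
        pass

    def _session_id(self) -> Optional[str]:
        cookie = SimpleCookie(self.headers.get("Cookie", ""))
        return cookie["session"].value if "session" in cookie else None

    def do_GET(self):
        if self.path != "/patron/new":
            self.send_error(404)
            return
        sid = secrets.token_hex(8)
        SESSIONS[sid] = []
        body = (f'<form method="post"><input type="hidden" name="csrf_token" '
                f'value="{make_token(sid)}"><input name="surname"></form>').encode()
        self.send_response(200)
        self.send_header("Set-Cookie", f"session={sid}; HttpOnly; SameSite=Lax")
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_POST(self):
        form = urllib.parse.parse_qs(self.rfile.read(int(self.headers.get("Content-Length", 0))).decode())
        sid = self._session_id()
        if sid not in SESSIONS:
            self.send_error(401)
            return
        token = form.get("csrf_token", [None])[0]
        if self.enforce_csrf and not check_token(sid, token):
            self.send_error(403, "invalid or missing CSRF token")
            return
        SESSIONS[sid].append(form.get("surname", [""])[0])  # the "patron" is created
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()


def probe(base_url: str) -> dict:
    """Fetch the form once, then submit it three ways and record the status codes.
    A correctly protected endpoint returns 200 only for the 'valid' case."""
    with urllib.request.urlopen(base_url + "/patron/new") as resp:
        html = resp.read().decode()
        cookie = resp.headers["Set-Cookie"].split(";")[0]
    real_token = html.split('name="csrf_token" value="')[1].split('"')[0]
    cases = {
        "valid": {"csrf_token": real_token, "surname": "Doe"},
        "missing": {"surname": "Doe"},
        "forged": {"csrf_token": "deadbeef.deadbeef", "surname": "Doe"},
    }
    results = {}
    for name, fields in cases.items():
        req = urllib.request.Request(base_url + "/patron/new",
                                     data=urllib.parse.urlencode(fields).encode(),
                                     headers={"Cookie": cookie})
        try:
            with urllib.request.urlopen(req) as resp:
                results[name] = resp.status
        except urllib.error.HTTPError as err:
            results[name] = err.code
    return results


def run_demo(enforce: bool) -> dict:
    """Start the reference server on an ephemeral localhost port, probe it, shut it down."""
    PatronHandler.enforce_csrf = enforce
    server = HTTPServer(("127.0.0.1", 0), PatronHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe(f"http://127.0.0.1:{server.server_address[1]}")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("enforcing    :", run_demo(True))   # {'valid': 200, 'missing': 403, 'forged': 403}
    print("not enforcing:", run_demo(False))  # every case 200: the behaviour the report describes
```

The probe's "missing" and "forged" cases are the ones that matter: a server that answers 200 to either is accepting state-changing requests on the strength of the session cookie alone, which is exactly the condition a cross-site form post exploits. The reference handler also sets `SameSite=Lax` on the cookie as defence in depth, but that is not a substitute for validating the token, since older clients and some navigation cases do not honour it.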