IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
e97d2b134338c9d2eb9fd6c645bb25adb1b9c0a8
freeipa/ipaserver
History
Rob Crittenden 08e6fb3a2c Check the HTTP Referer header on all requests 
The referer was only checked in WSGIExecutioner classes:

 - jsonserver
 - KerberosWSGIExecutioner
 - xmlserver
 - jsonserver_kerb

This left /i18n_messages, /session/login_kerberos,
/session/login_x509, /session/login_password,
/session/change_password and /session/sync_token unprotected
against CSRF attacks.

CVE-2023-5455

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
(cherry picked from commit 2c52a7dfd26ac561786e72e4304acbf9585698b6)
2024-01-10 10:40:11 +01:00
..
advise
pylint: Skip raising-bad-type
2022-03-11 13:37:08 -05:00
custodia
pylint: fix consider-iterating-dictionary
2023-01-10 08:30:58 +01:00
dnssec
pylint: Fix useless-suppression
2022-03-11 13:37:08 -05:00
install
Use datetime.timezone.utc instead of newer datetime.UTC alias
2023-10-02 17:39:50 -04:00
plugins
idp: add the ipaidpuser objectclass when needed
2023-09-01 13:20:34 -04:00
secrets
pylint: disable missing-timeout message
2023-01-10 08:30:58 +01:00
__init__.py
Change FreeIPA license to GPLv3+
2010-12-20 17:19:53 -05:00
dcerpc_common.py
Py3: Replace six.text_type with str
2018-09-27 16:11:18 +02:00
dcerpc.py
pylint: Fix unused-variable
2022-03-11 13:37:08 -05:00
dns_data_management.py
Wipe the ipa-ca DNS record when updating system records
2023-02-09 14:24:14 -05:00
Makefile.am
Build: Makefiles for Python packages
2016-11-09 13:08:32 +01:00
masters.py
Configure affinity during server installation
2023-09-15 13:53:12 +02:00
p11helper.py
Grammar: whitespace is a word
2020-06-23 10:16:29 +02:00
rpcserver.py
Check the HTTP Referer header on all requests
2024-01-10 10:40:11 +01:00
servroles.py
Use api.env.container_sysaccounts
2020-04-28 11:28:29 +02:00
setup.cfg
Port all setup.py to setuptools
2016-10-20 18:43:37 +02:00
setup.py
Also drop Custodia client and forwarder
2021-06-16 10:28:17 -04:00
topology.py
pylint: Fix consider-using-dict-items
2022-03-11 13:37:08 -05:00
wsgi.py
Improve wsgi app loading
2021-04-07 11:43:23 +03:00