Published
2024-10-16 12:00
In some parts of the CiviCRM administrative interface, the "Copy" or "Clone" actions are vulnerable to cross-site request forgery.
Security Risk
Critical
Vulnerability
Cross Site Request Forgery
Affected Versions
CiviCRM versions 5.78.1 and earlier
Fixed Versions
CiviCRM versions 5.78.2 and 5.75.4 (ESR)
Solutions
Upgrade to the latest CiviCRM version
Credits
- Reporter: Ranjit Pahan
- Development/Review: Seamus Lee of JMA Consulting & CiviCRM Core Team; Dave D; Kevin Cristiano of Tadpole Collective; Tim Otten of CiviCRM; Coleman Watts of CiviCRM
References
security/core#129