CIVI-SA-2024-04: Copy / Clone Actions (CSRF)

Publicat

2024-10-16 12:00

Written by

dev-team

In some parts of the CiviCRM administrative interface, the "Copy" or "Clone" actions are vulnerable to cross-site request forgery.

Security Risk

Critical

Vulnerability

Cross Site Request Forgery

Affected Versions

CiviCRM versions 5.78.1 and earlier

Fixed Versions

CiviCRM versions 5.78.2 and 5.75.4 (ESR)

Publication Date

2024-10-16 - 12:00

Solutions

Upgrade to the latest CiviCRM version

Credits

Reporter: Ranjit Pahan
Development/Review: Seamus Lee of JMA Consulting & CiviCRM Core Team; Dave D; Kevin Cristiano of Tadpole Collective; Tim Otten of CiviCRM; Coleman Watts of CiviCRM

References

security/core#129

We are in the process of translating the civicrm.org website. Translations may not be available in all languages. Read more and participate.

© 2005 - 2023, CIVICRM LLC. All rights reserved.
CiviCRM and the CiviCRM logo are trademarks of CIVICRM LLC. Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Share Alike 3.0 United States Licence.

[D8]

CIVI-SA-2024-04: Copy / Clone Actions (CSRF)

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM

Languages

CIVI-SA-2024-04: Copy / Clone Actions (CSRF)

WORK WITH A TRUSTED EXPERT TO SETUP YOUR CIVICRM

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM