CIVI-SA-2024-04: Copy / Clone Actions (CSRF)

Published
2024-10-16 12:00

In some parts of the CiviCRM administrative interface, the "Copy" or "Clone" actions are vulnerable to cross-site request forgery.

Security Risk
Critical
Vulnerability
Cross Site Request Forgery
Affected Versions

CiviCRM versions 5.78.1 and earlier

Fixed Versions

CiviCRM versions 5.78.2 and 5.75.4 (ESR)

Solutions

Upgrade to the latest CiviCRM version

Credits
  • Reporter: Ranjit Pahan
  • Development/Review: Seamus Lee of JMA Consulting & CiviCRM Core Team; Dave D; Kevin Cristiano of Tadpole Collective; Tim Otten of CiviCRM; Coleman Watts of CiviCRM
References

security/core#129