The ClientLogService does not validate a RuntimeFormID token, so an attacker can misuse it in cross-site request forgery (XSRF) scenarios to generate log entries under a client's session. Although this does not yet allow attacks, it still shows up as a negative finding in security analyses.
An enhancement request (#34937) has been created.
WORKAROUND
None
STATUS
The product team will evaluate the request and this feature may become available in a future release of the product.
© 2024 One Identity LLC. ALL RIGHTS RESERVED.