CONTRIB-7971

Possible CSRF vulnerability in BBB ajax intermediate script

    • MOODLE_38_STABLE

      I couldn't find where BBB performs sesskey checking in bbb_ajax.php, which it appears to use as a custom endpoint for AJAX interactions - this could allow actions to be performed by a user without their knowledge.

      Solution: implement user sesskey checks, or re-factor to use AJAX webservices

            jfederico Jesus Federico
            pholden Paul Holden
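
The sesskey check proposed under "Solution", sketched as an added example; this is not the plugin's bbb_ajax.php, whose code is not shown on this page. The module name 'example', the file path and the action names are hypothetical; the functions called are Moodle core APIs.

```php
<?php
// Hypothetical endpoint mod/example/ajax.php inside a Moodle install.
// Added example; not code from the BigBlueButton plugin.
define('AJAX_SCRIPT', true);   // Exceptions are reported as JSON instead of an HTML page.
require_once(__DIR__ . '/../../config.php');

$cmid   = required_param('id', PARAM_INT);
$action = required_param('action', PARAM_ALPHANUMEXT);

// Resolve the activity and require an authenticated session for it.
// 'example' is a placeholder module name.
list($course, $cm) = get_course_and_cm_from_cmid($cmid, 'example');
require_login($course, false, $cm);

// Actions that only read data; every other action changes state.
$readonly = ['status'];

if (!in_array($action, $readonly, true)) {
    // The session cookie is attached by the browser automatically, so it
    // does not prove the user intended the request. require_sesskey()
    // compares the 'sesskey' request parameter with the key stored in the
    // user's session and throws an exception when they do not match.
    require_sesskey();
}

switch ($action) {
    case 'status':
        $result = ['cmid' => (int) $cm->id, 'visible' => (bool) $cm->visible];
        break;
    case 'end':   // Hypothetical state-changing action.
        // The change itself goes here, reached only after both checks passed.
        $result = ['ended' => true];
        break;
    default:
        throw new invalid_parameter_exception('Unknown action');
}

header('Content-Type: application/json; charset=utf-8');
echo json_encode($result);
```

The page's own JavaScript has to send the key with each such request; Moodle exposes it client-side as M.cfg.sesskey.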