Skip to content
  • Alexis Ragot's avatar
    fix security bug that allow to change service account token · 58d1a798
    Alexis Ragot authored
    The http request to change the token is of type GET. The GET type isn't check by the CSRF protection. So, with a CSRF attack on an administrator user, is possible to change the service token. The API was changed with the PUT http request type.
    58d1a798