-
Alexis Ragot authored
The http request to change the token is of type GET. The GET type isn't check by the CSRF protection. So, with a CSRF attack on an administrator user, is possible to change the service token. The API was changed with the PUT http request type.