2 matches found
Duplicate Advisory: Authentication Bypass by CSRF Weakness
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-26xx-m4q2-xhq8. This link is maintained to preserve external references. Original Description: Impact: CSRF vulnerability that allows user account takeover. All applications using any version of the frontend...
Cross-site Request Forgery (CSRF)
railsadmin, and several other libraries, are vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods in the affected libraries are found not to validate CSRF tokens. It is possible for an attacker to gain access to a site's administrative endpoints that are exposed by the gem. The...