New Relic: CSRF at adding new role (user-management.service.newrelic.com)
Hey New Relic security team, I have discovered a CSRF-vulnerability allowing attacker to create new custom role on behalf of victim. The role creation endpoint does not implement correct CSRF-protection so it can be bypassed. The exploited works fine at least at latest Firefox browser. Steps to...