Cross-Site Request Forgery on the Federalist API (all endpoints), using Flash file on the attacker's host
Medium
GSA Bounty
Team Summary
Official summary from GSA Bounty
We endorse sp1d3rs's summary! The PR fixing this ticket is here: https://github.com/18F/federalist/pull/1157
Reported by: sp1d3rs
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $300.00
Weakness: Cross-Site Request Forgery (CSRF)