Originally published at: Cross Site Request Forgery Bug in edX LMS - Open edX
Security Alert
Severity: High
Category: CSRF
Affected Projects: edx-platform
Reporter: self-reported
Permanent URL:

During a review of the edX platform code, some side-effecting HTTP GET requests were discovered. Such requests are generally undesirable: Cross Site Request Forgery (CSRF) protection is enforced only on state-changing methods such as POST, so a GET request that changes state is not covered by it. In one specific case users could potentially escalate their privileges via an…
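The mechanism behind the advisory, as an added example that is not edX's or Django's code: a minimal model of a CSRF middleware that, like Django's CsrfViewMiddleware, exempts GET/HEAD/OPTIONS/TRACE, run against a hypothetical role-granting view (not the endpoint the advisory refers to) in its vulnerable any-method form and its POST-only form. The route, cookie values, user and role names are constructed for the example.

```python
"""Why a side-effecting GET is CSRF-unprotected: a simplified model.
This is example code, not Django or edx-platform code."""
import hmac
from dataclasses import dataclass, field

# Methods a CSRF middleware treats as "safe" and therefore never checks.
# Django's CsrfViewMiddleware exempts exactly these four.
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS", "TRACE"})


class Forbidden(Exception):
    """Raised by the CSRF check in place of a 403 response."""


@dataclass
class Request:
    method: str
    path: str
    cookies: dict = field(default_factory=dict)  # attached automatically by the browser
    params: dict = field(default_factory=dict)   # query string or form body, attacker-controlled cross-site


def csrf_check(request: Request) -> None:
    """Double-submit cookie check modelled on the middleware: the token submitted
    in the form/query must match the csrftoken cookie. Safe methods skip the
    check entirely, so whatever a GET handler does is never gated by it."""
    if request.method in SAFE_METHODS:
        return
    cookie = request.cookies.get("csrftoken", "")
    submitted = request.params.get("csrfmiddlewaretoken", "")
    if not cookie or not hmac.compare_digest(cookie, submitted):
        raise Forbidden("CSRF token missing or incorrect")


# Hypothetical application state: user -> set of course roles (constructed).
ROLES: dict[str, set[str]] = {}


def grant_role_vulnerable(request: Request) -> int:
    """Vulnerable pattern: mutates state on any method, including GET.
    An <img src="https://lms.example/grant?user=...&role=staff"> on an attacker
    page makes the victim's browser send this request with the victim's cookies."""
    ROLES.setdefault(request.params["user"], set()).add(request.params["role"])
    return 200


def grant_role_fixed(request: Request) -> int:
    """Hardened pattern: the side effect is reachable only via POST (what Django's
    @require_POST enforces), so the CSRF check above always runs before it."""
    if request.method != "POST":
        return 405
    ROLES.setdefault(request.params["user"], set()).add(request.params["role"])
    return 200


def dispatch(view, request: Request) -> int:
    """Middleware first, then the view; a CSRF failure becomes a 403."""
    try:
        csrf_check(request)
    except Forbidden:
        return 403
    return view(request)


# Constructed victim cookies; the csrftoken value is unknown to the attacker.
VICTIM_COOKIES = {"sessionid": "victim-session", "csrftoken": "s3cr3t-token"}


def cross_site_request(view, method: str) -> int:
    """Forged request from an attacker's page: the browser attaches the victim's
    cookies, but the same-origin policy keeps the csrftoken cookie value out of
    the attacker's reach, so no matching csrfmiddlewaretoken can be sent."""
    req = Request(method, "/grant", cookies=dict(VICTIM_COOKIES),
                  params={"user": "victim", "role": "staff"})
    return dispatch(view, req)


def same_site_post(view) -> int:
    """Legitimate POST from the application's own form, which embeds the token."""
    req = Request("POST", "/grant", cookies=dict(VICTIM_COOKIES),
                  params={"user": "victim", "role": "staff",
                          "csrfmiddlewaretoken": VICTIM_COOKIES["csrftoken"]})
    return dispatch(view, req)


if __name__ == "__main__":
    ROLES.clear()
    print("forged GET vs vulnerable view:", cross_site_request(grant_role_vulnerable, "GET"), ROLES)
    ROLES.clear()
    print("forged POST vs fixed view:", cross_site_request(grant_role_fixed, "POST"), ROLES)
    print("forged GET vs fixed view:", cross_site_request(grant_role_fixed, "GET"))
    print("legitimate POST vs fixed view:", same_site_post(grant_role_fixed), ROLES)
```

The forged GET against the vulnerable handler succeeds with the victim's session because the middleware never looks at it; the same forgery against the POST-only handler is rejected (405 for GET, 403 for a POST lacking the token), while the application's own form still works. The GET exemption is by design, since HTTP treats GET as safe, so the remediation is to move the side effect behind POST (for example with Django's `@require_POST` and a form carrying `{% csrf_token %}`) rather than to bolt CSRF checks onto GET.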