An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF.
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL
Advisory | Patch | Confirmed | Link |
---|---|---|---|
https://docs.aviatrix.com/HowTos/security_bulletin_artic... |