Cross-Site Request Forgery (CSRF)

Assembla Auth Plugin is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists due to lack of a state parameter in its OAuth flow which allows an attacker to trick a user into logging into the attacker’s account.Read More