CVE-2021-29436

Name of the Vulnerable Software and Affected Versions: Anuko Time Tracker versions prior to 1.19.27.5431

Description: A Cross site request forgery (CSRF) issue exists, where a logged-on user may be tricked by social engineering into clicking on an attacker-provided form, potentially executing unintended actions, such as changing the user's password.

Recommendations: For versions prior to 1.19.27.5431, upgrade to version 1.19.27.5431 to fix the issue. As a temporary workaround, introduce the ttMitigateCSRF() function in /WEB-INF/lib/common.php.lib using the latest available code and call it from ttAccessAllowed().