PT-2024-20585 · Unknown+1 · Icingaweb2-Module-Incubator+1

Nilmerg · Published 2024-02-08 · Updated 2025-08-21 · CVE-2024-24819

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

icingaweb2-module-incubator versions prior to 0.22.0

Description

The issue concerns the class gipfl\Web\Form, which is the base for various concrete form implementations and provides protection against cross-site request forgery (CSRF) by default. However, even if enabled, the CSRF token sent during a client's submission of a form relying on it is not validated. This enables attackers to perform changes on behalf of a user who unknowingly interacts with a prepared link or website.

Recommendations

For versions prior to 0.22.0, upgrade to version 0.22.0 to remedy the issue. As a temporary workaround, consider disabling the gipfl\Web\Form class until a patch is available. However, since there are no known workarounds for this vulnerability, upgrading to the fixed version is the recommended course of action.
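
The flaw described above, as an added illustration that is not code from gipfl or the incubator module: a form base class that issues a CSRF token but never checks it on submission, beside a subclass that does. The class names, the `csrf_token` field name and the sample submissions are hypothetical.

```php
<?php
// Added illustration with hypothetical names; not gipfl or incubator code.
class BaseForm
{
    protected $sessionToken; // server-side copy kept in the user's session

    public function __construct(string $sessionToken)
    {
        $this->sessionToken = $sessionToken;
    }

    public function renderTokenField(): string
    {
        // The token is embedded in every rendered form ...
        return '<input type="hidden" name="csrf_token" value="'
            . htmlspecialchars($this->sessionToken, ENT_QUOTES) . '">';
    }

    // ... but the flawed pattern accepts a submission without ever
    // comparing the posted token against the session copy.
    public function isValid(array $post): bool
    {
        return isset($post['name']) && $post['name'] !== '';
    }
}

class HardenedForm extends BaseForm
{
    public function isValid(array $post): bool
    {
        $sent = $post['csrf_token'] ?? null;
        // Reject first; hash_equals() compares in constant time.
        if (!is_string($sent) || !hash_equals($this->sessionToken, $sent)) {
            return false;
        }
        return parent::isValid($post);
    }
}

// Constructed sample data: one session token, two submissions.
$token     = bin2hex(random_bytes(32));
$crossSite = ['name' => 'new-value'];                         // sent by a third-party page, no token
$genuine   = ['name' => 'new-value', 'csrf_token' => $token]; // sent from the rendered form
foreach (['BaseForm', 'HardenedForm'] as $class) {
    $form = new $class($token);
    printf("%-12s cross-site: %s  genuine: %s\n", $class,
        var_export($form->isValid($crossSite), true),
        var_export($form->isValid($genuine), true));
}
```

Only the hardened class rejects the token-less submission; both accept the genuine one.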

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

ALT-PU-2025-10630
BDU:2025-11550
CVE-2024-24819
GHSA-P8VV-9PQQ-RM8P

Affected Products

Alt Linux
Icingaweb2-Module-Incubator