PT-2024-40063 · Ez Systems · Ez Platform

Published: 2024-05-15 · Updated: 2024-05-15


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

eZ Platform versions prior to 2.5.4
eZ Platform version 3.0.0 and earlier

Description

The issue concerns a potential vulnerability in the eZ Platform login form: the Cross-Site Request Forgery (CSRF) token is present in the form, but the CSRF functionality is not enabled by default. This means the token is inactive.

Recommendations

For versions prior to 2.5.4, update to version 2.5.4 or later to resolve the issue. For version 3.0.0 and earlier, consider manually enabling the CSRF functionality by editing the security configuration file and setting the csrf_token_generator key to security.csrf.token_manager. As a temporary workaround, consider manually enabling the CSRF token in your configuration until a patch is available.
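The manual change described in the recommendations, shown as an added example that is not part of the original advisory or the project's own configuration. It is a Symfony security configuration fragment; the firewall name site_firewall and the pattern value are placeholders for the form_login firewall your installation already defines.

```yaml
# Added example. "site_firewall" is a placeholder name: apply the change to
# the firewall in your security configuration that carries form_login.
security:
    firewalls:
        site_firewall:
            pattern: ^/
            form_login:
                # Before: no csrf_token_generator key in this block. The login
                # form still contains a token field, but the firewall never
                # validates it, so the token is inactive.
                #
                # After: name the token manager service so the token sent
                # with the login form is validated on each login request.
                csrf_token_generator: security.csrf.token_manager
```

To confirm the setting is active, clear the application cache and submit the login form with the token field removed or altered; the login attempt should be rejected.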

CSRF

Weakness Enumeration

Related Identifiers

GHSA-45QM-J4M9-WHV9

Affected Products

Ez Platform