Anti-CSRF Token setting should be enabled
Impact area
Security
Severity
High
Affected element
System property
Rule ID
SN-0198
Impact
Cross-site request forgery (CSRF) is a significant security risk that violates the integrity of the instance data. An attacker can launch a CSRF attack against any instance user by abusing the application's trust in that user. With the help of social engineering, the attacker can cause a user to submit a malformed request to the instance on the attacker's behalf.
Remediation
Set the system property "glide.security.use_csrf_token" to true. This enables an extra validation step before a write request from the instance user is accepted by the instance.
Time to fix
15 min
References
This rule is linked to Common Weakness Enumeration CWE-150 Improper Neutralization of Escape.