CSV Request Authorization should be enabled
Impact area
Security
Severity
High
Affected element
System property
Rule ID
SN-0192Impact
Without appropriate authorization configured on the incoming CSV requests, an unauthorized user can get access to sensitive content/data on the target instance.
Remediation
It is recommended to set this property "glide.basicauth.required.csv" to true, as without appropriate authorization configured on the incoming CSV requests, an unauthorized user can get access to sensitive content/data on the target instance.
Time to fix
15 min
References
This rule is linked to Common Weakness Enumeration CWE-862 Missing Authorization.