SYM_JAVA_0145 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
# Cross-Site Request Forgery (CSRF)
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-352: Cross-Site Request Forgery (CSRF) |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
## Description
CSRF protection is disabled in this Spring configuration, leaving the application vulnerable to cross-site request forgery. Because the browser attaches the user's session cookie to every request it sends to the application, a malicious site can trick an authenticated user into performing unintended actions by submitting state-changing requests on their behalf.
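The flagged pattern beside a hardened configuration, as an added illustration that is not code from the Symbiotic database. It assumes Spring Security 6.x with the lambda DSL; the `/api/webhooks/**` path is a hypothetical example of an endpoint that can be exempted because it is authenticated by a request header rather than a browser session.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// BEFORE: the configuration this rule flags. csrf.disable() removes the
// synchronizer-token check for every request, so any cross-origin form
// post carrying the victim's session cookie is accepted as legitimate.
@Configuration
@EnableWebSecurity
class InsecureSecurityConfig {
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .csrf(csrf -> csrf.disable())   // SYM_JAVA_0145 trigger
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults());
        return http.build();
    }
}

// AFTER: keep the default CSRF filter. Spring Security then rejects any
// POST/PUT/PATCH/DELETE that lacks a valid _csrf form field or X-CSRF-TOKEN
// header with HTTP 403. Server-rendered forms (e.g. Thymeleaf with the Spring
// Security dialect) receive the hidden token automatically.
// Exemptions are scoped to specific paths that are genuinely stateless,
// never applied application-wide.
@Configuration
@EnableWebSecurity
class HardenedSecurityConfig {
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .csrf(csrf -> csrf
                // hypothetical path: authenticated by a shared-secret header,
                // so a browser cannot be tricked into calling it with credentials
                .ignoringRequestMatchers("/api/webhooks/**"))
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults());
        return http.build();
    }
}
```

A quick regression check is a MockMvc test that posts to a state-changing endpoint without `csrf()` and asserts a 403; if it passes with 200, the protection has been turned off again.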
## Impact
If exploited, attackers could perform actions on behalf of legitimate users without their consent, such as changing account details, making unauthorized transactions, or modifying sensitive data. This can lead to data breaches, loss of user trust, and regulatory compliance issues.