SYM_PY_0237 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cross-Site Request Forgery (CSRF)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-352: Cross-Site Request Forgery (CSRF) |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The global CSRF protection in your Pyramid app has been configured with `check_origin=False`, which disables automatic verification of the request's origin. This weakens the defense against cross-site request forgery attacks, especially if an insecure CSRF storage policy is used.
Impact
By disabling origin checking, attackers may be able to trick authenticated users into performing unintended actions on your site. This can lead to unauthorized data changes, exposure of sensitive information, or other malicious activities, putting your users and application at risk.
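The following is an added, simplified model of the two checks involved (it is not Pyramid's own code): a token comparison plus an Origin/Referer check, with a `check_origin` switch that reproduces the weak setting this entry describes. The site host `example.com`, the trusted-origin list and the sample requests are constructed for the example.

```python
import hmac
from urllib.parse import urlparse

# Constructed assumptions for this example: the protected site is https://example.com.
SITE_ORIGIN = "https://example.com"
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS", "TRACE"})

# Weak configuration this entry flags (Pyramid):
#   config.set_default_csrf_options(require_csrf=True, check_origin=False)
# Corrected: leave check_origin at its default of True:
#   config.set_default_csrf_options(require_csrf=True, check_origin=True)


def origin_matches_site(headers, trusted_origins=()):
    """Simplified origin check: Origin (or Referer as fallback) must name
    the site's own scheme://host or one of the configured trusted origins.
    A missing Origin/Referer is treated as a failure, i.e. fail closed."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parsed = urlparse(source)
    if not parsed.scheme or not parsed.netloc:
        return False
    candidate = f"{parsed.scheme}://{parsed.netloc}"
    return candidate in {SITE_ORIGIN, *trusted_origins}


def csrf_protected(method, headers, form, session_token, check_origin=True):
    """Return True when a request passes CSRF validation under the given policy.

    Safe methods are exempt. Unsafe methods must carry a token (form field or
    X-CSRF-Token header) equal to the session's token and, unless the origin
    check has been disabled, an Origin/Referer pointing at this site."""
    if method.upper() in SAFE_METHODS:
        return True
    submitted = form.get("csrf_token") or headers.get("X-CSRF-Token") or ""
    # Constant-time comparison so token checking does not leak timing information.
    if not hmac.compare_digest(submitted, session_token):
        return False
    if check_origin and not origin_matches_site(headers):
        return False
    return True


if __name__ == "__main__":
    # Constructed cross-origin POST that carries the session's token: the case
    # the entry warns about when token storage is weak.
    cross_site = ({"Origin": "https://attacker.example"}, {"csrf_token": "tok"})
    print("check_origin=True  ->", csrf_protected("POST", *cross_site, "tok"))
    print("check_origin=False ->", csrf_protected("POST", *cross_site, "tok", check_origin=False))
```

With the origin check enabled the cross-site request is rejected even though its token is valid; with `check_origin=False` the token alone decides, so the request is accepted.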