Versions of keystone prior to 4.0.0 are vulnerable to Cross-Site Request Forgery (CSRF). The package fails to validate the presence of the X-CSRF-Token header, which may allow attackers to carry out actions on behalf of other users on all endpoints.

Update to version 4.0.0 or later.
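
The following is an added example, not Keystone's own code. It shows one way this class of flaw arises, a check that compares X-CSRF-Token only when the header is sent, beside a check that requires the header on state-changing requests. The function names, the request shape and the `session.csrfToken` field are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Methods that must not change state and so need no token.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Constant-time comparison; the length check avoids timingSafeEqual throwing.
function tokensMatch(a, b) {
  const ba = Buffer.from(a);
  const bb = Buffer.from(b);
  return ba.length === bb.length && crypto.timingSafeEqual(ba, bb);
}

// Hypothetical flawed check: the token is compared only if the header exists,
// so a cross-site request that simply omits X-CSRF-Token is accepted.
function lenientCheck(req) {
  const sent = req.headers['x-csrf-token'];
  if (sent === undefined) return true;
  return tokensMatch(sent, req.session.csrfToken);
}

// Hardened check: a state-changing request without a matching header fails.
function strictCheck(req) {
  if (SAFE_METHODS.has(req.method)) return true;
  const sent = req.headers['x-csrf-token'];
  const expected = req.session && req.session.csrfToken;
  if (typeof sent !== 'string' || typeof expected !== 'string') return false;
  return tokensMatch(sent, expected);
}

// Constructed sample requests (not captured traffic).
const session = { csrfToken: crypto.randomBytes(16).toString('hex') };
const sampleRequests = {
  postNoHeader: { method: 'POST', headers: {}, session },
  postWrongToken: { method: 'POST', headers: { 'x-csrf-token': 'guess' }, session },
  postGoodToken: { method: 'POST', headers: { 'x-csrf-token': session.csrfToken }, session },
  getNoHeader: { method: 'GET', headers: {}, session },
};

// Run one check over every sample and return { name: accepted }.
function evaluate(check) {
  return Object.fromEntries(
    Object.entries(sampleRequests).map(([name, req]) => [name, check(req)])
  );
}

console.log('lenient', evaluate(lenientCheck));
console.log('strict ', evaluate(strictCheck));
```

A regression test for an upgraded deployment can assert the same property: a state-changing request with no X-CSRF-Token header must be rejected.
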
{ "nvd_published_at": null, "cwe_ids": [ "CWE-352" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:50:45Z" }