Cross-Site Request Forgery (CSRF)
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-352: Cross-Site Request Forgery (CSRF) |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
This Spring Security configuration disables CSRF protection, which Spring Security enables by default (`http.csrf().disable()` in the older chained DSL, `.csrf(AbstractHttpConfigurer::disable)` or `.csrf(csrf -> csrf.disable())` in the lambda DSL). With the token check gone, every state-changing endpoint that is authenticated by a credential the browser attaches automatically, such as the session cookie set by form login or HTTP Basic credentials, will accept a request forged by a malicious site the victim visits while logged in. The finding is reported with low confidence because disabling CSRF is the correct choice for a stateless API whose only credential is a bearer token sent in the Authorization header; the rule cannot tell the two cases apart, so the reviewer has to confirm how the affected filter chain authenticates requests.
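The configuration the rule flags, alongside the two acceptable alternatives, as an added example that is not part of the original page or of any project it describes. It assumes Spring Boot with Spring Security 6.x; the class and profile names are hypothetical, and the stateless variant additionally assumes the `spring-boot-starter-oauth2-resource-server` dependency and a configured JWT issuer.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical example class. Each nested configuration is bound to a Spring
// profile so that only one filter chain is registered at a time.
@EnableWebSecurity
public class CsrfExamples {

    // Before: the pattern this rule flags. Form login authenticates the browser
    // with a session cookie, and CSRF protection is switched off, so a POST
    // from an attacker-controlled page carrying the victim's cookie is
    // indistinguishable from a legitimate one.
    @Configuration
    @Profile("vulnerable")
    static class VulnerableBrowserAppConfig {
        @Bean
        SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
            http
                .csrf(AbstractHttpConfigurer::disable) // flagged line
                .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
                .formLogin(Customizer.withDefaults());
            return http.build();
        }
    }

    // After: CSRF protection left at Spring Security's default (enabled).
    // The synchronizer token is kept in the HttpSession and must be echoed
    // back as the _csrf form field or the X-CSRF-TOKEN header on every
    // non-safe method; GET, HEAD, OPTIONS and TRACE are not checked.
    @Configuration
    @Profile("hardened")
    static class HardenedBrowserAppConfig {
        @Bean
        SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
            http
                .csrf(csrf -> csrf
                    // Exempt only a specific endpoint that does not rely on the
                    // session cookie (hypothetical webhook verified by its own
                    // request signature), never the whole application.
                    .ignoringRequestMatchers("/webhooks/**"))
                .authorizeHttpRequests(auth -> auth
                    .requestMatchers("/webhooks/**").permitAll()
                    .anyRequest().authenticated())
                .formLogin(Customizer.withDefaults());
            return http.build();
        }
    }

    // Also acceptable: a stateless API. No session is created and the only
    // credential is a bearer JWT in the Authorization header, which a browser
    // never adds on its own, so there is nothing for a forged request to ride
    // on and disabling CSRF here is a true positive the reviewer can close.
    @Configuration
    @Profile("stateless-api")
    static class StatelessApiConfig {
        @Bean
        SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
            http
                .securityMatcher("/api/**")
                .sessionManagement(session -> session
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .csrf(AbstractHttpConfigurer::disable)
                .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()))
                .authorizeHttpRequests(auth -> auth.anyRequest().authenticated());
            return http.build();
        }
    }
}
```

With the hardened chain active, Spring's form tag library and Thymeleaf insert the hidden `_csrf` field automatically, and a request that omits or mismatches the token is rejected with 403 before it reaches the controller. When triaging, the deciding question is whether the chain that contains the `disable()` call also uses `formLogin`, `httpBasic`, or any other cookie- or session-backed authentication; if it does, the finding is real regardless of what other chains exist.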
Impact
If exploited, attackers could perform actions on behalf of legitimate users without their consent, such as changing account details, making unauthorized transactions, or modifying sensitive data. This can lead to data breaches, loss of user trust, and regulatory compliance issues.