Property
Language: python
Severity: low
CWE: CWE-352: Cross-Site Request Forgery (CSRF)
OWASP: A01:2021 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

This view in your Pyramid application has CSRF protection turned off, making it vulnerable to cross-site request forgery attacks. Without CSRF protection, requests from malicious sites can perform actions as if they were from legitimate users.
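
A small static check for the condition described above, added here as an example and not the scanner's own rule: it parses Python source with `ast` and reports Pyramid `view_config` / `add_view` calls that pass `require_csrf=False`. The sample source, its view names and the helper names are constructed for illustration.

```python
import ast

# Constructed sample source: two registrations opt out of CSRF checks, two do not.
SAMPLE = '''
from pyramid.view import view_config

@view_config(route_name="change_email", request_method="POST", require_csrf=False)
def change_email(request):
    return {}

@view_config(route_name="change_name", request_method="POST", require_csrf=True)
def change_name(request):
    return {}

def includeme(config):
    config.add_view(delete_account, route_name="delete", require_csrf=False)
    config.add_view(export_data, route_name="export")
'''

# Pyramid entry points that accept the require_csrf view option.
VIEW_CALLS = {"view_config", "add_view"}


def _call_name(func):
    """Return the trailing name of a call target (view_config, config.add_view, ...)."""
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return None


def find_csrf_disabled(source):
    """Return sorted (line, call_name) pairs for calls passing a literal require_csrf=False."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or _call_name(node.func) not in VIEW_CALLS:
            continue
        for kw in node.keywords:
            if (kw.arg == "require_csrf" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is False):
                findings.append((node.lineno, _call_name(node.func)))
    return sorted(findings)


if __name__ == "__main__":
    for line, name in find_csrf_disabled(SAMPLE):
        print(f"line {line}: {name}(require_csrf=False) disables CSRF checks")
```

Only a literal `False` is matched; a value passed through a variable or settings lookup needs manual review.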

Impact

If exploited, an attacker could trick users into performing unwanted actions—such as changing settings or making transactions—without their knowledge. This can lead to unauthorized access, data changes, or account compromise, potentially impacting application integrity and user trust.