[ https://issues.apache.org/jira/browse/GEODE-1532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15527070#comment-15527070 ]

Jared Stewart commented on GEODE-1532:
--------------------------------------

I have this fixed on a [branch|https://github.com/jaredjstewart/incubator-geode/tree/GEODE-1532], 
but it needs to wait for post 9.0 Beta to be merged in since it required 
bumping spring-security versions.

> Pulse is vulnerable to clickjacking
> -----------------------------------
>
>                 Key: GEODE-1532
>                 URL: https://issues.apache.org/jira/browse/GEODE-1532
>             Project: Geode
>          Issue Type: Bug
>          Components: pulse
>            Reporter: Swapnil Bawaskar
>            Assignee: Jared Stewart
>
> The Pulse application is vulnerable to clickjacking. An attacker could frame 
> in the web application and hijack a click, tricking a client into making an 
> unintentional transaction. Attackers exploit this vulnerability by loading 
> target pages in IFRAMEs but keeping them hidden, and then orienting the frame 
> so that a user click on the embedding page is routed to a UI control on the 
> embedded page. The attack will be hidden from the user and perpetrated 
> without the user’s knowledge.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
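
A defensive check for the issue described above, as an added example that is not part of the original JIRA message or the Geode code base: it classifies the anti-framing policy a response declares through `X-Frame-Options` and the CSP `frame-ancestors` directive, the standard browser-side defenses against clickjacking. The function names are hypothetical and the header samples in the comments are constructed.

```python
# Added example, not Geode/Pulse code. Classifies the framing policy a response
# declares as 'deny', 'same-origin', 'allowlist' or 'unprotected'.
RANK = {"unprotected": 0, "allowlist": 1, "same-origin": 2, "deny": 3}

def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]  # first occurrence wins
    return None

def classify_sources(sources):
    """Map a frame-ancestors source list to a policy label."""
    if not sources or sources == ["'none'"]:
        return "deny"                      # empty list matches no ancestor
    if sources == ["'self'"]:
        return "same-origin"
    if any(s in ("*", "http:", "https:") for s in sources):
        return "unprotected"               # effectively any site may frame the page
    return "allowlist"

def framing_policy(headers):
    """headers: iterable of (name, value) pairs, so repeated headers survive.

    Constructed sample: [("X-Frame-Options", "SAMEORIGIN")] -> 'same-origin'
    """
    xfo, csp = set(), []
    for name, value in headers:
        key = name.lower()
        if key == "x-frame-options":
            xfo.update(v.strip().upper() for v in value.split(","))
        elif key == "content-security-policy":   # Report-Only is not enforced
            for policy in value.split(","):      # one header may carry several
                sources = frame_ancestors(policy)
                if sources is not None:
                    csp.append(classify_sources(sources))
    if csp:
        # Browsers that honour frame-ancestors ignore X-Frame-Options and
        # enforce every policy, so report the strictest single one.
        return max(csp, key=RANK.get)
    if xfo == {"DENY"}:
        return "deny"
    if xfo == {"SAMEORIGIN"}:
        return "same-origin"
    # ALLOW-FROM is not honoured by current browsers, and unknown or conflicting
    # values are handled inconsistently, so neither counts as protection here.
    return "unprotected"
```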