CSRF vulnerability in Sunstone
|Target version:|Release 4.6.2|
|Affected Versions:|OpenNebula 4.6|
Dennis Felsch and Mario Heiderich from the Ruhr-Universität Bochum have reported a series of vulnerabilities: Sunstone is vulnerable to malicious CSRF exploits, and flaws in the core XML sanitization lead to malformed XML exploits, which allowed for DoS attacks.
These issues have been addressed in the "csrf-fix" branch and have been included in the OpenNebula 4.6.2 maintenance release.