In versions 3.0.0 through 3.5.2 of Eclipse Vert.x, the CSRFHandler does not assert that the XSRF cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which have not yet expired.

Upstream bug:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=536948
https://github.com/vert-x3/vertx-web/issues/970

Upstream patch:
https://github.com/vert-x3/vertx-web/commit/98891b1d9e022b467a3e4674aca4d1889849b1d5
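The missing check described above, as an added illustration that is not code from Vert.x or from this bug report: a double-submit CSRF validator that only verifies the submitted token's signature and expiry (the weak behaviour) beside one that also requires the cookie and the header/form value to be the same token. The HMAC-signed `nonce.expiry.signature` token format and the secret are constructed stand-ins, not Vert.x's real encoding.

```python
import base64
import hashlib
import hmac
import os
import time

# Constructed demo secret; a real deployment loads this from configuration.
SECRET = b"constructed-demo-secret"
TTL_SECONDS = 3600


def issue_token(secret=SECRET, now=None, ttl=TTL_SECONDS):
    """Mint a signed token 'nonce.expiry.hmac' (constructed format)."""
    now = int(time.time()) if now is None else now
    nonce = base64.urlsafe_b64encode(os.urandom(16)).decode().rstrip("=")
    payload = f"{nonce}.{now + ttl}"
    sig = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def token_is_valid(token, secret=SECRET, now=None):
    """True if the token is well formed, correctly signed and not expired."""
    parts = token.split(".")
    if len(parts) != 3 or not parts[1].isdigit():
        return False
    nonce, exp, sig = parts
    expected = hmac.new(secret, f"{nonce}.{exp}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    now = int(time.time()) if now is None else now
    return int(exp) > now


def check_vulnerable(cookie, header, now=None):
    """Weak check: any unexpired, correctly signed header token is accepted,
    so a token issued earlier to anyone can be replayed regardless of the cookie."""
    return header is not None and token_is_valid(header, now=now)


def check_fixed(cookie, header, now=None):
    """Hardened check: cookie and header/form value must be the same token,
    and that token must still verify and be unexpired."""
    if cookie is None or header is None:
        return False
    if not hmac.compare_digest(cookie.encode(), header.encode()):
        return False
    return token_is_valid(header, now=now)
```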
This issue has been addressed in the following products:

Red Hat OpenShift Application Runtimes (text-only advisories)
Via RHSA-2018:2371 https://access.redhat.com/errata/RHSA-2018:2371
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-12540