mirror of https://github.com/MISP/MISP
fix: [security] changed menu_custom_right_link to CLI only
- allows a malicious / hijacked admin account to embed malicious js in a global menu link otherwise - as reported by Nils Putnins and Jeroen Pinoy from NCIA NCSC
pull/9764/head
parent
07b6355815
commit
33a1eb6640
|
@ -6246,6 +6246,7 @@ class Server extends AppModel
|
|||
'value' => null,
|
||||
'type' => 'string',
|
||||
'null' => true,
|
||||
'cli_only' => true,
|
||||
],
|
||||
'menu_custom_right_link_html' => [
|
||||
'level' => self::SETTING_OPTIONAL,
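Review bot: The `menu_custom_right_link_html` entry that opens at the end of this hunk is cut off after its `level` line, so it cannot be seen here whether it also carries `'cli_only' => true,`; judging by its name it holds markup for the same global menu link, so it should get the same restriction if it does not have it already. The added flag sits in the entry above, whose key is outside the hunk (the commit title names `menu_custom_right_link`). Presumably the flag only restricts how the value can be changed from now on, so a value set through the web UI before the upgrade would stay in place; the release notes could ask administrators to review the current value of both settings. A short comment beside the flag, for example `// cli_only: shown in the global menu to every user, must not be editable from the web UI`, would keep the reason with the code.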
|
||||
|
|