Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Fixed in versions: 4.0 (unreleased),  3.9.1 (unreleased), 3.8.1 (unreleased), 3.7.2 3 (unreleased)


MidPoint user interface is vulnerable to clickjacking. The attacker can embed midPoint user interface in a frame. The victim can be tricked into unknowingly initiating actions in the user interface. The issue was caused by a missing X-Frame-Options header.