On August 28, 2017 at 23:55 UTC, two vulnerabilities affecting the server manager (web management UI) of NethServer were reported by Gjoko ‘LiquidWorm’ Krstic.
Both NS 6 and NS 7 versions are affected.
I’m working on a fix for the UI framework, Nethgui. Further fixes to individual packages could be required, especially for NS7.
You can mitigate the issue by executing the logoff immediately after using the Server Manager.
See also Personal Safety CSRF Tips for Users (owasp.org) for more best practices…
/cc @dev_team @quality_team