CVE-2025-27792 Information

Description

Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1 the protections against cross-site request forgery (CSRF) were insufficient application-wide. The referrer header is checked and if it is invalid the server returns 403. However the referrer header can be dropped from CSRF requests using <meta name= eferrer\ content= ever\> effectively bypassing this protection. Version 5.1.1 contains a patch for the issue.

Reference

https://github.com/obiba/opal/security/advisories/GHSA-27vw-29rq-c358