CVE-2010-4408
Published: Dec 6, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- http://archiva.apache.org/security.html (x_refsource_CONFIRM)
- [archiva-users] 20101129 Apache Archiva CSRF Vulnerability (mailing-list, x_refsource_MLIST)
- 20101129 [CVE-2010-3449] Apache Archiva CSRF Vulnerability (mailing-list, x_refsource_BUGTRAQ)