CVE-2010-4408

Apache Archiva 1.0-1.3.1 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.

References (3)

Core 3
Core References
Various Sources x_refsource_confirm
http://archiva.apache.org/security.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/514937/100/0/threaded

Scores

EPSS 0.0202
EPSS Percentile 78.7%

Details

CWE
CWE-79
Status published
Products (15)
apache/archiva 1.0
apache/archiva 1.0.1
apache/archiva 1.0.2
apache/archiva 1.0.3
apache/archiva 1.1
apache/archiva 1.1.1
apache/archiva 1.1.2
apache/archiva 1.1.3
apache/archiva 1.1.4
apache/archiva 1.2
... and 5 more
Published Dec 06, 2010
Tracked Since Feb 18, 2026