Continuum / CONTINUUM-2603

CSRF vulnerability - Continuum doesn't check which form sends credentials

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.3.7, 1.4.1
    • Component/s: Security
    • Labels: None
    • Complexity: Intermediate
    • Number of attachments: 0

      Description

      As reported by Anatolia Security Research Group, Apache Archiva doesn't check which form sends credentials. An attacker can create a specially crafted page and force Archiva administrators to view it and change their credentials.

      Vulnerability reference key: [CVE-2010-3449] Apache Archiva CSRF Vulnerability

        Activity

        Brett Porter added a comment -

        Also affects Continuum


          People

          • Assignee: Brett Porter
          • Reporter: Maria Odea Ching
          • Votes: 0
          • Watchers: 0

            Dates

            • Created:
              Updated:
              Resolved: