Continuum

CSRF vulnerability - Continuum doesn't check which form sends credentials

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Critical Critical
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: 1.3.7, 1.4.1
  • Component/s: Security
  • Labels:
    None
  • Complexity:
    Intermediate
  • Number of attachments :
    0

Description

As reported by Anatolia Security Research Group, Apache Archiva doesn't check which form sends credentials. An attacker can create a specially crafted page and force archiva administrators to view it and change their credentials.

Vulnerability reference key: [CVE-2010-3449] Apache Archiva CSRF Vulnerability

Activity

People

  • Assignee:
    Brett Porter
    Reporter:
    Maria Odea Ching
Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved: