Apache Archiva 1.0 up to and including 1.0.3, 1.1 up to and including 1.1.4, 1.2 up to and including 1.2.2, and 1.3 up to and including 1.3.1 does not require entry of the administrator's password when a user account is modified. This makes it easier for context-dependent malicious users to gain privileges by leveraging (1) an unattended workstation or (2) a cross-site request forgery (CSRF) vulnerability. This is a related issue to CVE-2010-3449.

| Vulnerable Product |
|---|
| apache archiva 1.2.1 |
| apache archiva 1.0.3 |
| apache archiva 1.1.4 |
| apache archiva 1.2 |
| apache archiva 1.2.2 |
| apache archiva 1.0 |
| apache archiva 1.1.3 |
| apache archiva 1.0.1 |
| apache archiva 1.3 |
| apache archiva 1.1.2 |
| apache archiva 1.1 |
| apache archiva 1.3.1 |
| apache archiva 1.1.1 |
| apache archiva 1.0.2 |