Authentication Bypass in Apache Archiva by The Apache Software Foundation
CVE-2010-4408

Currently unrated

Key Information:

Vendor: Apache
Status: Archiva
Vendor: CVE Published:; 6 December 2010

Summary

Apache Archiva versions 1.0 through 1.3.1 allow unauthorized modification of user accounts without requiring the administrator's password. This vulnerability poses a risk, especially in environments where workstations may be left unattended. Additionally, it can be exploited through a cross-site request forgery (CSRF) attack, enabling attackers to potentially elevate privileges. Organizations utilizing affected versions of Archiva are advised to implement security measures and apply patches to safeguard their systems.

References

http://archiva.apache.org/security.html

x_refsource_CONFIRM

http://mail-archives.apache.org/mod_mbox/archiva-users/20...

mailing-listx_refsource_MLIST

http://www.securityfocus.com/archive/1/514937/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Dec 6, 2010
Vulnerability Reserved
Dec 6, 2010