Cross-Site Request Forgery Vulnerabilities in Apache Archiva Product by The Apache Software Foundation

CVE-2016-4469

Summary

Apache Archiva versions 1.3.9 and earlier exhibit multiple vulnerabilities allowing remote attackers to perform cross-site request forgery (CSRF) attacks. These vulnerabilities enable unauthorized actions such as hijacking administrative authentication to perform crucial tasks without consent. This includes adding new repository proxy connectors, creating and editing repositories, modifying organizational appearances, and uploading new artifacts, all through exploitation of the 'token' parameter. The vulnerabilities pose a significant security risk to systems relying on Apache Archiva, necessitating immediate attention and remediation to safeguard against potential exploitation.

References