[CONTINUUM-2603] CSRF vulnerability - Continuum doesn't check which form sends credentials - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.3.7, 1.4.1
Component/s: Security
Labels:
None

Description

As reported by Anatolia Security Research Group, Apache Archiva doesn't check which form sends credentials. An attacker can create a specially crafted page and force archiva administrators to view it and change their credentials.

Vulnerability reference key: [CVE-2010-3449] Apache Archiva CSRF Vulnerability

Attachments

Activity

People

Assignee:: Brett Porter

Reporter:: Maria Odea B. Ching

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 01/Feb/11 05:47

Updated:: 01/Feb/11 05:50

Resolved:: 01/Feb/11 05:50