Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2010-12-06T20:00:00
Updated: 2024-08-07T03:43:14.705Z
Reserved: 2010-12-06T00:00:00
Link: CVE-2010-4408
Vulnrichment
No data.
NVD
Status : Modified
Published: 2010-12-06T20:13:00.560
Modified: 2023-11-07T02:06:20.590
Link: CVE-2010-4408
Redhat
No data.