Posted to issues@archiva.apache.org by "Brett Porter (JIRA)" <ji...@codehaus.org> on 2011/02/01 12:47:22 UTC

[jira] Created: (MRM-1454) CSRF vulnerability - Continuum doesn't check which form sends credentials

CSRF vulnerability - Continuum doesn't check which form sends credentials
-------------------------------------------------------------------------

                 Key: MRM-1454
                 URL: http://jira.codehaus.org/browse/MRM-1454
             Project: Archiva
          Issue Type: Bug
          Components: Users/Security
            Reporter: Maria Odea Ching
            Assignee: Maria Odea Ching
            Priority: Critical
             Fix For: 1.3.2


As reported by Anatolia Security Research Group, Apache Archiva doesn't check which form sends credentials. An attacker can create a specially crafted page and force Archiva administrators to view it and change their credentials.

Vulnerability reference key: [CVE-2010-3449] Apache Archiva CSRF Vulnerability
