Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2010-12-06T20:00:00
Updated: 2018-10-10T18:57:01
Reserved: 2010-12-06T00:00:00
Link: CVE-2010-4408
JSON object: View
NVD Information
Status : Modified
Published: 2010-12-06T20:13:00.560
Modified: 2023-11-07T02:06:20.590
Link: CVE-2010-4408
JSON object: View
Redhat Information
No data.
CWE