CVE-2010-4408
CVE-2010-4408 is a vulnerability of currently unknown severity. Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449. EPSS estimates a 2.02% chance of exploitation in the next 30 days.
Description
Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Archiva | 1.0 |
| Apache | Archiva | 1.0.1 |
| Apache | Archiva | 1.0.2 |
| Apache | Archiva | 1.0.3 |
| Apache | Archiva | 1.1 |
| Apache | Archiva | 1.1.1 |
| Apache | Archiva | 1.1.2 |
| Apache | Archiva | 1.1.3 |
| Apache | Archiva | 1.1.4 |
| Apache | Archiva | 1.2 |
| Apache | Archiva | 1.2.1 |
| Apache | Archiva | 1.2.2 |
| Apache | Archiva | 1.3 |
| Apache | Archiva | 1.3.1 |
Source: NVD / NIST
