PT-2010-5484 · Apache · Apache Archiva

Published

2010-12-06

·

Updated

2022-05-14

·

CVE-2010-4408

CVSS v4.0

6.9

Medium

Vector

AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Apache Archiva versions 1.0 through 1.3.1

Description

The issue allows context-dependent attackers to gain privileges more easily by leveraging either an unattended workstation or a cross-site request forgery (CSRF) vulnerability. The root cause is that the system does not require the administrator's password when a user account is modified, so a request that merely carries a valid administrator session is enough to change an account.

Recommendations

For Apache Archiva versions 1.0 through 1.3.1, consider implementing additional authentication measures for user account modifications, such as requiring the administrator's password, to mitigate the risk of unauthorized privilege escalation. As a temporary workaround, restrict access to user account modification features to minimize the risk of exploitation.
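The weakness the advisory describes and the mitigation it recommends, as an added Python illustration that is not Archiva's own code: a constructed account-modification handler that trusts the administrator's session alone, beside one that additionally demands a session-bound CSRF token and the administrator's current password. The user store, session layout and form field names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Assumed shapes: users = {username: role}, session = {"role": ..., "csrf_token": ...},
# form = the submitted fields of the "edit user" request. None of this is Archiva's API.


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a stored password hash (PBKDF2-SHA256, constructed parameters)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def new_admin_session() -> dict:
    """Mint an admin session with a random CSRF token that only same-origin pages can read."""
    return {"role": "admin", "csrf_token": secrets.token_hex(16)}


def update_role_vulnerable(users: dict, session: dict, form: dict) -> bool:
    """The pattern CVE-2010-4408 describes: a logged-in admin session is all it takes.
    A forged cross-site request (the victim's browser attaches the session cookie)
    or anyone at an unattended workstation can therefore change any account."""
    if session.get("role") != "admin":
        return False
    users[form["username"]] = form["role"]
    return True


def update_role_hardened(users: dict, session: dict, form: dict,
                         admin_salt: bytes, admin_hash: bytes) -> bool:
    """The recommended fix, plus a CSRF token bound to the session.
    - The form must echo the token minted for this session; a cross-site page
      cannot read it, so a forged request fails here.
    - The administrator must re-enter their own password; a forged request or a
      passer-by at an unattended workstation does not know it."""
    if session.get("role") != "admin":
        return False
    token = form.get("csrf_token")
    if not token or not hmac.compare_digest(token, session.get("csrf_token", "")):
        return False
    candidate = hash_password(form.get("admin_password", ""), admin_salt)
    if not hmac.compare_digest(candidate, admin_hash):
        return False
    users[form["username"]] = form["role"]
    return True
```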

Fix

Missing Authorization

XSS


Weakness Enumeration

Related Identifiers

CVE-2010-4408
GHSA-5P54-JJ38-3HXJ

Affected Products

Apache Archiva