PT-2017-16651 · Apache · Apache Archiva
Published: 2017-05-22 · Updated: 2022-05-14 · CVE-2017-5657
CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache Archiva (affected versions not specified)
Description: Several REST service endpoints of Apache Archiva are not protected against Cross-Site Request Forgery (CSRF). A malicious site opened in the same browser as the Archiva site can serve HTML that causes the browser to issue requests performing arbitrary actions on Archiva services with the rights of the active Archiva session, potentially including administrator rights.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF


Weakness Enumeration

Related Identifiers: CVE-2017-5657, GHSA-HF4P-MHC8-X2GP

Affected Products: Apache Archiva