PT-2024-32280 · Apache · Apache Roller

Chi Tran · Published 2024-10-13 · Updated 2024-11-01 · CVE-2024-46911

CVSS v3.1: 4.7 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Apache Roller versions prior to 6.1.4

Description: A Cross-Site Request Forgery (CSRF) and privilege escalation vulnerability exists in Apache Roller. On multi-blog/multi-user Roller sites, weblog owners are trusted by default to publish arbitrary weblog content. Combined with a deficiency in Roller's CSRF protections, this allows a privilege escalation attack.

Recommendations: To resolve the issue, upgrade to version 6.1.4, which fixes the problem. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2024-46911

Affected Products: Apache Roller