Description

Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller's CSRF protections allowed an escalation of privileges attack. This issue affects Apache Roller before 6.1.4. Roller users who run multi-blog/user Roller websites are recommended to upgrade to version 6.1.4, which fixes the issue. Roller 6.1.4 release announcement:  https://lists.apache.org/thread/3c3f6rwqptyw6wdc95654fq5vlosqdpw

INFO

Published Date :

2024-10-14T08:13:05.578Z

Last Modified :

2024-11-01T17:06:11.070Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2024-46911 vulnerability.

Vendors Products
Apache
  • Roller
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-46911.

URL Resource
http://www.openwall.com/lists/oss-security/2024/10/12/1 cve-icon
https://lists.apache.org/thread/6m0ghjo9j92qty00t2qb6qf2spds0p5t cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact