Apache Archiva CSRF Vulnerability CVE-2017-5657
- CVSSv3 Score
- Vulnerability description
Apache Archiva is prone to CSRF vulnerabilities for various REST endpoints.
- Risk description
Several REST service endpoints of Apache Archiva are not protected against CSRF attacks. A malicious site opened in the same browser as the Archiva site may send an HTML response that performs arbitrary actions on Archiva services with the same rights as the active Archiva session (e.g. administrator rights).
Upgrade to version 2.2.3 or later.
- Not available
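
An added example, not part of the original advisory or of Apache Archiva: a log review for the risk described above, flagging state-changing requests to the REST services whose Referer is not the Archiva site itself. The host name, the `/restServices/` path prefix, the placeholder endpoint path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions (not from the advisory): the Archiva host name, the REST path
# prefix, and the constructed access-log lines below (combined log format).
ARCHIVA_HOST = "archiva.example.internal"
REST_PREFIX = "/restServices/"
STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}  # add GET if it changes state

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def classify(line):
    """Return 'cross-site', 'no-referer', or None for one access-log line."""
    m = LOG_RE.match(line)
    if not m or m["method"] not in STATE_CHANGING:
        return None
    if not m["path"].startswith(REST_PREFIX):
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        return "no-referer"  # origin unknown; review these separately
    host = (urlsplit(referer).hostname or "").lower()
    return None if host == ARCHIVA_HOST else "cross-site"

def suspicious(lines):
    """Yield (verdict, line) for REST calls not sent from Archiva's own pages."""
    for line in lines:
        verdict = classify(line)
        if verdict:
            yield verdict, line

SAMPLE_LOG = [  # constructed sample lines, placeholder endpoint path
    '10.0.0.5 - admin [12/May/2017:10:01:02 +0000] "POST /restServices/placeholder HTTP/1.1" 200 17 "https://archiva.example.internal/" "Mozilla/5.0"',
    '10.0.0.5 - admin [12/May/2017:10:03:40 +0000] "POST /restServices/placeholder HTTP/1.1" 200 17 "https://other.example/page.html" "Mozilla/5.0"',
    '10.0.0.5 - admin [12/May/2017:10:03:41 +0000] "GET /restServices/placeholder HTTP/1.1" 200 90 "https://other.example/page.html" "Mozilla/5.0"',
    '10.0.0.7 - admin [12/May/2017:10:05:00 +0000] "DELETE /restServices/placeholder HTTP/1.1" 204 - "-" "curl/7.50"',
    '10.0.0.5 - - [12/May/2017:10:06:00 +0000] "POST /login HTTP/1.1" 200 5 "https://other.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for verdict, line in suspicious(SAMPLE_LOG):
        print(verdict, "|", line)
```

A Referer can be suppressed by the sending page, so `no-referer` hits from browser user agents deserve the same attention as `cross-site` ones.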