Unrated severity · NVD Advisory · Published Oct 14, 2024 · Updated Nov 1, 2024

Apache Roller: Weakness in CSRF protection allows privilege escalation

CVE-2024-46911

Description

Cross-Site Request Forgery (CSRF) and privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, weblog owners are by default trusted to publish arbitrary weblog content; combined with a deficiency in Roller's CSRF protections, this allowed a privilege escalation attack. This issue affects Apache Roller before 6.1.4.

Roller users who run multi-blog/user Roller websites are recommended to upgrade to version 6.1.4, which fixes the issue.

Roller 6.1.4 release announcement:  https://lists.apache.org/thread/3c3f6rwqptyw6wdc95654fq5vlosqdpw

Affected products

  • Apache/Roller
    Range: <6.1.4
  • Apache Software Foundation/Apache Roller
    Range: 1.0.0
