CVE-2024-46911— Apache Roller: Weakness in CSRF protection allows privilege escalation

Apache Roller: Weakness in CSRF protection allows privilege escalation

Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller's CSRF protections allowed an escalation of privileges attack. This issue affects Apache Roller before 6.1.4. Roller users who run multi-blog/user Roller websites are recommended to upgrade to version 6.1.4, which fixes the issue. Roller 6.1.4 release announcement:  https://lists.apache.org/thread/3c3f6rwqptyw6wdc95654fq5vlosqdpw

N/A

跨站请求伪造(CSRF)

Apache Roller 跨站请求伪造漏洞

Apache Roller是美国阿帕奇（Apache）基金会的一套基于Java的多用户开源博客系统。 Apache Roller 6.1.4之前版本存在跨站请求伪造漏洞。攻击者利用该漏洞可以提升权限。

N/A

N/A