CVE-2012-2380

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

6.8MEDIUM

EPSS

0.2%

top 51.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Roller

Timeline

PublishedJun 26

Latest updateMay 17

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDapache/roller5.0+28

🔴Vulnerability Details

GHSA

GHSA-gm66-g5rh-xr6p: Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5↗2022-05-17

▶

CVEList

CVE-2012-2380: Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5↗2012-06-26

▶