How severe is CVE-2024-46911?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2024-46911?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2024-46911 - MEDIUM Severity | CVSS 4.7

Vulnerability Description

Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller's CSRF protections allowed an escalation of privileges attack. This issue affects Apache Roller before 6.1.4. Roller users who run multi-blog/user Roller websites are recommended to upgrade to version 6.1.4, which fixes the issue. Roller 6.1.4 release announcement: https://lists.apache.org/thread/3c3f6rwqptyw6wdc95654fq5vlosqdpw

Related Vulnerabilities

CVE-2019-20100

MEDIUM

CVSS:4.7(Medium)

The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, ...

CWE-3522019

CVE-2020-6206

MEDIUM

CVSS:4.7(Medium)

SAP Cloud Platform Integration for Data Services, version 1.0, allows user inputs to be reflected as error or warning massages. This could mislead the victim to follow malicious instructions inserted ...

CWE-3522020

CVE-2021-27701

MEDIUM

CVSS:4.7(Medium)

SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site Request Forgery (CSRF) via the Socifi wifi portal. The application does not contain a CSRF token and request validation. An attacker can Add/...

CWE-3522021

CVE-2021-34661

MEDIUM

CVSS:4.7(Medium)

The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows attac...

CWE-3522021

CVE-2022-0328

MEDIUM

CVSS:4.7(Medium)

The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack

CWE-3522022

CVE-2022-3750

MEDIUM

CVSS:4.7(Medium)

The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.

CWE-3522022