Apache Jackrabbit Authentication Hijacking Vulnerability
Severity: High
GitHub Reviewed
Published May 17, 2022 to the GitHub Advisory Database • Updated Nov 7, 2023
Package
Affected versions -> Patched versions
>= 2.4.0, < 2.4.6 -> 2.4.6
>= 2.6.0, < 2.6.6 -> 2.6.6
>= 2.8.0, < 2.8.3 -> 2.8.3
>= 2.10.0, < 2.10.4 -> 2.10.4
>= 2.12.0, < 2.12.4 -> 2.12.4
>= 2.13.0, < 2.13.3 -> 2.13.3
Published by the National Vulnerability Database: Sep 21, 2016
Reviewed: Jul 31, 2023
Description
Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header.
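The two conditions named in the description, a missing and a crafted Content-Type header, are the cases a content-type based CSRF check has to get right. The following is an added example, not Apache Jackrabbit code: the function names, the weak variant and the sample header values are constructed for illustration, and rejecting a missing header is an assumed policy.

```python
# Added illustration; not Apache Jackrabbit source code.
# Media types an HTML <form> can submit cross-site without a CORS preflight.
FORM_TYPES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}

def naive_check(content_type):
    """Weak variant (constructed): exact match, absent header treated as safe."""
    if content_type is None:
        return True                          # case (1): missing header accepted
    return content_type not in FORM_TYPES    # case (2): parameters or case defeat the match

def media_type(content_type):
    """Return lowercased type/subtype without parameters, or None if unusable."""
    if content_type is None or not content_type.strip():
        return None
    value = content_type.split(";", 1)[0].strip().lower()
    main, sep, sub = value.partition("/")
    if not sep or not main or not sub or " " in value:
        return None                          # malformed value: treat as untrusted
    return value

def hardened_check(content_type):
    """Accept a POST only with a well-formed, non-form media type."""
    mt = media_type(content_type)
    return mt is not None and mt not in FORM_TYPES

# Constructed sample header values (None = header absent).
SAMPLES = [
    None, "", "text/plain", "text/plain; charset=UTF-8", "TEXT/PLAIN",
    "Multipart/Form-Data; boundary=x", "application/xml",
    "application/json; charset=utf-8", "garbage",
]

def compare():
    """Return (header, naive_result, hardened_result) for every sample."""
    return [(h, naive_check(h), hardened_check(h)) for h in SAMPLES]

if __name__ == "__main__":
    for header, naive, hardened in compare():
        print(f"{header!r:40} naive={naive!s:5} hardened={hardened}")
```

Rows where the two results differ are the regression cases worth keeping in a test suite for any content-type based CSRF filter.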