The TWiki SecurityTeam triaged this issue as documented in TWikiSecurityAlertProcess and assigned the following severity level: * Severity 3 issue: TWiki content or browser is compromised. Reproducible: Always Steps to Reproduce: This is fixed in TWiki 4.3.2.
CVE-2009-4898 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4898): Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339.
package has been removed from tree
(In reply to comment #2) > package has been removed from tree Thanks. Closing noglsa since twiki was only ever ~arch.