OpenCA contains a cross site request forgery (XSRF) vulenrability that may allow an attacker to leverage an administrator's creditials to execute activities on the Certification Authority. The risk is MEDIUM. An authenticated user can be manipulated into executing activities on the CA - such as digital certificate issuance - without knowledge or consent.
More...