CVE-2019-0213 – org.apache.archiva:archiva

Package

Manager: maven
Name: org.apache.archiva:archiva
Vulnerable Version: >=0 <2.2.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00611 pctl0.68857

Details

Cross-site scripting in Apache Archiva In Apache Archiva before 2.2.4, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.

Metadata

Created: 2019-05-14T04:00:31Z
Modified: 2021-05-11T16:14:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/05/GHSA-cqcf-4g4h-rghf/GHSA-cqcf-4g4h-rghf.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-cqcf-4g4h-rghf
Finding: F425
Auto approve: 1