CVE-2019-0214 – org.apache.archiva:archiva

Package

Manager: maven
Name: org.apache.archiva:archiva
Vulnerable Version: >=2.2.0 <2.2.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01743 pctl0.81783

Details

Improper Input Validation in Apache Archiva In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.

Metadata

Created: 2019-05-14T04:00:21Z
Modified: 2021-07-27T20:35:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/05/GHSA-jxgm-9f58-w4xp/GHSA-jxgm-9f58-w4xp.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-jxgm-9f58-w4xp
Finding: F184
Auto approve: 1