Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxY2YtNGc0aC1yZ2hm

Cross-site scripting in Apache Archiva

In Apache Archiva before 2.2.4, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.

Permalink: https://github.com/advisories/GHSA-cqcf-4g4h-rghf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxY2YtNGc0aC1yZ2hm
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 5 years ago
Updated: almost 2 years ago


CVSS Score: 6.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS Percentage: 0.00225
EPSS Percentile: 0.61502

Identifiers: GHSA-cqcf-4g4h-rghf, CVE-2019-0213
References: Blast Radius: 1.0

Affected Packages

maven:org.apache.archiva:archiva
Dependent packages: 0
Dependent repositories: 0
Downloads:
Affected Version Ranges: < 2.2.4
Fixed in: 2.2.4
All affected versions: 2.2.0, 2.2.1, 2.2.3
All unaffected versions: 2.2.4