GHSA-cqcf-4g4h-rghf

Source

https://github.com/advisories/GHSA-cqcf-4g4h-rghf

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/05/GHSA-cqcf-4g4h-rghf/GHSA-cqcf-4g4h-rghf.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-cqcf-4g4h-rghf

Aliases

CVE-2019-0213

Published

2019-05-14T04:00:31Z

Modified

2023-11-08T04:00:31.540571Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Cross-site scripting in Apache Archiva

Details

In Apache Archiva before 2.2.4, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.

Database specific

{
    "nvd_published_at": "2019-04-30T22:29:00Z",
    "github_reviewed_at": "2019-05-03T15:36:51Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Maven / org.apache.archiva:archiva

Package

Name: org.apache.archiva:archiva; View open source insights on deps.dev
Purl: pkg:maven/org.apache.archiva/archiva

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.4

Affected versions

1.*

1.1

1.1.1

1.1.2

1.1.3

1.1.4

1.2-M1

1.2

1.2.1

1.2.2

1.3

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.8

1.3.9

1.4-M1

1.4-M2

1.4-M3

1.4-M4

2.*

2.0.0

2.0.1

2.1.0

2.1.1

2.2.0

2.2.1

2.2.3