Lucene search

[email protected]CVE-2019-0214

HistoryApr 30, 2019 - 10:29 p.m.

CVE-2019-0214

2019-04-3022:29:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

apache archiva

cve-2019-0214

file write vulnerability

security

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

0.005 Low

EPSS

Percentile

75.3%

JSON

In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.

CPENameOperatorVersion
apache:archivaapache archivale2.2.3
apache:archivaapache archivale1.3.9

CPE	Name	Operator	Version
apache:archiva	apache archiva	le	2.2.3
apache:archiva	apache archiva	le	1.3.9

References

archiva.apache.org/security.html#CVE-2019-0214

packetstormsecurity.com/files/152684/Apache-Archiva-2.2.3-File-Write-Delete.html

www.openwall.com/lists/oss-security/2019/04/30/8

www.securityfocus.com/bid/108124

lists.apache.org/thread.html/18b670afc2f83034f47ebeb2f797c350fe60f1f2b33c95b95f467ef8%40%3Cannounce.apache.org%3E

lists.apache.org/thread.html/239349b6dd8f66cf87a70c287b03af451dea158b776d3dfc550b4f0e%40%3Cusers.maven.apache.org%3E

lists.apache.org/thread.html/5851cb0214f22ba681fb445870eeb6b01afd1fb614e45a22978d7dda%40%3Cusers.archiva.apache.org%3E

lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb%40%3Cissues.archiva.apache.org%3E

seclists.org/bugtraq/2019/Apr/48

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

0.005 Low

EPSS

Percentile

75.3%

JSON

Related for CVE-2019-0214

osv2 cvelist1 prion1 veracode1 github1 zdt1 openvas1