Lucene search

K

ApacheCVELIST:CVE-2019-0214

HistoryApr 30, 2019 - 9:48 p.m.

CVE-2019-0214

2019-04-3021:48:54

apache

www.cve.org

4

EPSS

0.004

Percentile

73.4%

In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.

CNA Affected

[
  {
    "product": "Apache Archiva",
    "vendor": "Apache",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to version 2.2.4"
      }
    ]
  }
]

References

archiva.apache.org/security.html#CVE-2019-0214

packetstormsecurity.com/files/152684/Apache-Archiva-2.2.3-File-Write-Delete.html

www.openwall.com/lists/oss-security/2019/04/30/8

www.securityfocus.com/bid/108124

lists.apache.org/thread.html/18b670afc2f83034f47ebeb2f797c350fe60f1f2b33c95b95f467ef8%40%3Cannounce.apache.org%3E

lists.apache.org/thread.html/239349b6dd8f66cf87a70c287b03af451dea158b776d3dfc550b4f0e%40%3Cusers.maven.apache.org%3E

lists.apache.org/thread.html/5851cb0214f22ba681fb445870eeb6b01afd1fb614e45a22978d7dda%40%3Cusers.archiva.apache.org%3E

lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb%40%3Cissues.archiva.apache.org%3E

seclists.org/bugtraq/2019/Apr/48

EPSS

0.004

Percentile

73.4%

Related for CVELIST:CVE-2019-0214

cve1 osv2 nvd1 github1 veracode1 prion1 openvas1 zdt1