Lucene search
ApacheCVELIST:CVE-2024-38379HistoryJun 22, 2024 - 9:09 a.m.
CVE-2024-38379 Apache Allura: Stored authenticated XSS
2024-06-2209:09:32
CWE-79
apache
www.cve.org
2
apache allura
neighborhood settings
stored xss
version 1.17.1
cve-2024-38379
0.0004 Low
EPSS
Percentile
9.1%
Apache Alluraβs neighborhood settings are vulnerable to a stored XSS attack.Β Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted.
This issue affects Apache Allura: from 1.4.0 through 1.17.0.
Users are recommended to upgrade to version 1.17.1, which fixes the issue.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache Allura",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.17.0",
"status": "affected",
"version": "1.4.0",
"versionType": "semver"
}
]
}
]Related
cve
cve
CVE-2024-38379
2024-06-22 09:15:09
vulnrichment
vulnrichment
CVE-2024-38379 Apache Allura: Stored authenticated XSS
2024-06-22 09:09:32
nvd
nvd
CVE-2024-38379
2024-06-22 09:15:09