GoogleOSV:GHSA-CQCF-4G4H-RGHFCross-site scripting in Apache Archiva
EPSS
Percentile
60.9%
In Apache Archiva before 2.2.4, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.
References
archiva.apache.org/security.html#CVE-2019-0213
packetstormsecurity.com/files/152681/Apache-Archiva-2.2.3-Cross-Site-Scripting.html
www.openwall.com/lists/oss-security/2019/04/30/7
www.securityfocus.com/bid/108123
lists.apache.org/thread.html/0397ddbd17b5257cc1746b31a07294a87221c5ca24e5d19d390e28f3@%3Cusers.archiva.apache.org%3E
lists.apache.org/thread.html/7bcea134c3d6fa72cdc1052922ac0914f399f63f4690b7937b80127d@%3Cannounce.apache.org%3E
lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb@%3Cissues.archiva.apache.org%3E
lists.apache.org/thread.html/c358754a35473a61477f9d487870581a0dd7054ff95974628fa09f97@%3Cusers.maven.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2019-0213
seclists.org/bugtraq/2019/Apr/47
Related
