3 matches found
CVE-2019-0214
In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file...
Apache Archiva 2.2.3 Cross Site Scripting / File Write / Delete Vulnerabilities
Exploit for multiple platform in category web applications CVE-2019-0213: Apache Archiva Stored XSS Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Archiva 2.0.0 - 2.2.3 The unsupported versions 1.x are also affected. It may be possible to store malicious XSS code...
CVE-2019-0214
Apache Archiva 2.0.0–2.2.3 is affected by CVE-2019-0214, where the artifact upload mechanism allows writing files to arbitrary locations and can overwrite existing files if the Archiva process user has filesystem permissions. Root cause described is improper handling of uploaded artifact file pat...