Lucene search
K
ApacheAllura

6 matches found

CVE
CVE
added 2019/06/18 11:7 p.m.115 views

CVE-2019-10085

The CVE-2019-10085 entry concerns Apache Allura versions prior to 1.11.0 with a stored XSS vulnerability in the user dropdown selector on the ticket creation/editing page. The issue arises from the vulnerability existing on that UI element, enabling malicious input to be stored and potentially ex...

6.1CVSS5.9AI score0.0514EPSS
CVE
CVE
added 2024/06/22 9:9 a.m.65 views

CVE-2024-38379

CVE-2024-38379 affects Apache Allura (versions 1.4.0–1.17.0). The vulnerability is a stored XSS in the neighborhood settings, accessible only to neighborhood admins, limiting scope to configurations where admins aren’t fully trusted. Root cause is unfiltered/unsafely handled user data in these se...

4.8CVSS4.9AI score0.00692EPSS
CVE
CVE
added 2024/06/10 9:55 p.m.63 views

CVE-2024-36471

Apache Allura is affected (versions 1.0.1–1.16.0). The import functionality permits DNS rebinding attacks between URL verification and processing, potentially allowing Allura to read from internal services and expose them. Impact is described as high with network access and no authentication requ...

7.5CVSS7.5AI score0.0075EPSS
CVE
CVE
added 2018/02/06 7:0 p.m.53 views

CVE-2018-1299

In Apache Allura, CVE-2018-1299 affects Allura versions prior to 1.8.0. Unauthenticated attackers can retrieve arbitrary files via the Allura web application; some web servers (e.g., Nginx, Apache/mod_wsgi, paster) may mitigate, while others (e.g., gunicorn) do not. Mitigation is to upgrade to Al...

7.5CVSS7.8AI score0.03059EPSS
CVE
CVE
added 2018/03/15 8:0 p.m.51 views

CVE-2018-1319

CVE-2018-1319 affects Apache Allura before 1.8.1. The issue arises from attackers crafting URLs that trigger HTTP response splitting, potentially enabling XSS or DoS for victims. Connected sources confirm the affected product (Allura) and the vulnerable condition (pre-1.8.1) with the same impact ...

6.1CVSS6.2AI score0.02286EPSS
CVE
CVE
added 2023/11/07 8:56 a.m.44 views

CVE-2023-46851

CVE-2023-46851 affects Apache Allura 1.0.1–1.15.0, caused by importing attachments without restricting URL values, enabling reading of local files. This exposes internal files and can lead to exploits such as session hijacking or remote code execution. A fix is available in Allura 1.16.0. If upgr...

4.9CVSS5.4AI score0.01647EPSS