Archiva@1.3.9 Security Vulnerabilities and Issues — Archiva@1.3.9 CVE List

Lucene search

ApacheArchiva1.3.9

3 matches found

CVE•added 2019/04/30 10:29 p.m.•74 views

CVE-2019-0214

In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.

6.5CVSS6.4AI score0.01743EPSS

CVE•added 2016/07/28 4:59 p.m.•61 views

CVE-2016-5005

Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnector_commit.action.

4.8CVSS4.9AI score0.00145EPSS

Web

CVE•added 2016/07/28 4:59 p.m.•53 views

CVE-2016-4469

Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repository proxy connectors via the token parameter to admin/addProxyConnector_commit.action, (2) new re...

8.8CVSS9.1AI score0.00798EPSS

Web