Archiva@2.0.0 Security Vulnerabilities and Issues — Archiva@2.0.0 CVE List

Lucene search

ApacheArchiva2.0.0

4 matches found

CVE•added 2024/03/01 4:15 p.m.•89 views

CVE-2024-27139

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover. This issue affects Apache Archiva: from 2.0.0. As this project is retired, w...

7.5CVSS7.5AI score0.00419EPSS

CVE•added 2024/03/01 4:15 p.m.•87 views

CVE-2024-27140

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recom...

5.4CVSS5.3AI score0.02273EPSS

CVE•added 2024/03/01 4:15 p.m.•76 views

CVE-2024-27138

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this i...

7.5CVSS7.4AI score0.00198EPSS

CVE•added 2019/04/30 10:29 p.m.•74 views

CVE-2019-0214

In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.

6.5CVSS6.4AI score0.01743EPSS