Lucene search
ApacheVULNRICHMENT:CVE-2024-38379HistoryJun 22, 2024 - 9:09 a.m.
CVE-2024-38379 Apache Allura: Stored authenticated XSS
2024-06-2209:09:32
CWE-79
apache
github.com
5
apache allura
neighborhood settings
stored xss
limited risk
untrusted admin
upgrade 1.17.1
AI Score
5.9
Confidence
High
EPSS
0.001
Percentile
27.4%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Apache Allura’s neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted.
This issue affects Apache Allura: from 1.4.0 through 1.17.0.
Users are recommended to upgrade to version 1.17.1, which fixes the issue.
CNA Affected
[
{
"vendor": "Apache Software Foundation",
"product": "Apache Allura",
"versions": [
{
"status": "affected",
"version": "1.4.0",
"versionType": "semver",
"lessThanOrEqual": "1.17.0"
}
],
"defaultStatus": "unaffected"
}
]Related
cve
cve
CVE-2024-38379
2024-06-22 09:15:09
nvd
nvd
CVE-2024-38379
2024-06-22 09:15:09
osv
osv
CVE-2024-38379
2024-06-22 09:15:09
cvelist
cvelist
CVE-2024-38379 Apache Allura: Stored authenticated XSS
2024-06-22 09:09:32
AI Score
5.9
Confidence
High
EPSS
0.001
Percentile
27.4%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-38379