CVE-2019-0213
N/A
N/A
Summary
In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache | Apache Archiva | All versions prior to version 2.2.4 | affected |
Weaknesses
- Stored XSS
ADP Enrichment
CVE Program Container
Additional References
- https://seclists.org/bugtraq/2019/Apr/47
- https://lists.apache.org/thread.html/c358754a35473a61477f9d487870581a0dd7054ff95974628fa09f97%40%3Cusers.maven.apache.org%3E
- https://lists.apache.org/thread.html/0397ddbd17b5257cc1746b31a07294a87221c5ca24e5d19d390e28f3%40%3Cusers.archiva.apache.org%3E
- http://www.openwall.com/lists/oss-security/2019/04/30/7
- http://packetstormsecurity.com/files/152681/Apache-Archiva-2.2.3-Cross-Site-Scripting.html
- http://archiva.apache.org/security.html#CVE-2019-0213
- https://lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb%40%3Cissues.archiva.apache.org%3E
- http://www.securityfocus.com/bid/108123
- https://lists.apache.org/thread.html/7bcea134c3d6fa72cdc1052922ac0914f399f63f4690b7937b80127d%40%3Cannounce.apache.org%3E
References
- https://seclists.org/bugtraq/2019/Apr/47
- https://lists.apache.org/thread.html/c358754a35473a61477f9d487870581a0dd7054ff95974628fa09f97%40%3Cusers.maven.apache.org%3E
- https://lists.apache.org/thread.html/0397ddbd17b5257cc1746b31a07294a87221c5ca24e5d19d390e28f3%40%3Cusers.archiva.apache.org%3E
- http://www.openwall.com/lists/oss-security/2019/04/30/7
- http://packetstormsecurity.com/files/152681/Apache-Archiva-2.2.3-Cross-Site-Scripting.html
- http://archiva.apache.org/security.html#CVE-2019-0213
- https://lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb%40%3Cissues.archiva.apache.org%3E
- http://www.securityfocus.com/bid/108123
- https://lists.apache.org/thread.html/7bcea134c3d6fa72cdc1052922ac0914f399f63f4690b7937b80127d%40%3Cannounce.apache.org%3E
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.