Search criteria
10 vulnerabilities found for Apache Allura by Apache Software Foundation
CVE-2024-38379 (GCVE-0-2024-38379)
Vulnerability from cvelistv5 – Published: 2024-06-22 09:09 – Updated: 2025-03-19 14:35
VLAI?
Title
Apache Allura: Stored authenticated XSS
Summary
Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted.
This issue affects Apache Allura: from 1.4.0 through 1.17.0.
Users are recommended to upgrade to version 1.17.1, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Allura |
Affected:
1.4.0 , ≤ 1.17.0
(semver)
|
Credits
Ömer "WASP" Akincir
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-22T16:26:00.794232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T14:35:10.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-13T16:03:27.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/2lb6vp00sj2b2snpmhff5lyortxjsnrp"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/06/21/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Allura",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.17.0",
"status": "affected",
"version": "1.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u00d6mer \"WASP\" Akincir "
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eApache Allura\u0027s neighborhood settings are vulnerable to a stored XSS attack.\u0026nbsp; Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Apache Allura: from 1.4.0 through 1.17.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.17.1, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Apache Allura\u0027s neighborhood settings are vulnerable to a stored XSS attack.\u00a0 Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted.\n\nThis issue affects Apache Allura: from 1.4.0 through 1.17.0.\n\nUsers are recommended to upgrade to version 1.17.1, which fixes the issue.\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-22T09:09:32.464Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/2lb6vp00sj2b2snpmhff5lyortxjsnrp"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Allura: Stored authenticated XSS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-38379",
"datePublished": "2024-06-22T09:09:32.464Z",
"dateReserved": "2024-06-14T14:41:30.189Z",
"dateUpdated": "2025-03-19T14:35:10.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36471 (GCVE-0-2024-36471)
Vulnerability from cvelistv5 – Published: 2024-06-10 21:55 – Updated: 2024-09-13 16:03
VLAI?
Title
Apache Allura: sensitive information exposure via DNS rebinding
Summary
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them.
This issue affects Apache Allura from 1.0.1 through 1.16.0.
Users are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set "disable_entry_points.allura.importers = forge-tracker, forge-discussion" in your .ini config file.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Allura |
Affected:
1.0.1 , ≤ 1.16.0
(semver)
|
Credits
truff https://x.com/truffzor
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:allura:1.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "allura",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "1.16.0",
"status": "affected",
"version": "1.0.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36471",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T17:34:29.289181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T17:34:55.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-13T16:03:21.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/g43164t4bcp0tjwt4opxyks4svm8kvbh"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/06/10/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Allura",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.16.0",
"status": "affected",
"version": "1.0.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "truff https://x.com/truffzor"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eImport functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL.\u0026nbsp; Project administrators can run these imports, which could cause Allura to read from internal services and expose them.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue affects Apache Allura from 1.0.1 through 1.16.0.\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set \"disable_entry_points.allura.importers = forge-tracker, forge-discussion\" in your .ini config file.\u003cbr\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL.\u00a0 Project administrators can run these imports, which could cause Allura to read from internal services and expose them.\n\nThis issue affects Apache Allura from 1.0.1 through 1.16.0.\n\nUsers are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set \"disable_entry_points.allura.importers = forge-tracker, forge-discussion\" in your .ini config file.\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T21:55:06.170Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/g43164t4bcp0tjwt4opxyks4svm8kvbh"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Allura: sensitive information exposure via DNS rebinding",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-36471",
"datePublished": "2024-06-10T21:55:06.170Z",
"dateReserved": "2024-05-28T15:56:51.451Z",
"dateUpdated": "2024-09-13T16:03:21.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46851 (GCVE-0-2023-46851)
Vulnerability from cvelistv5 – Published: 2023-11-07 08:56 – Updated: 2024-09-04 20:12
VLAI?
Title
Apache Allura: sensitive information exposure via import
Summary
Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them. Exposing internal files then can lead to other exploits, like session hijacking, or remote code execution.
This issue affects Apache Allura from 1.0.1 through 1.15.0.
Users are recommended to upgrade to version 1.16.0, which fixes the issue. If you are unable to upgrade, set "disable_entry_points.allura.importers = forge-tracker, forge-discussion" in your .ini config file.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Allura |
Affected:
1.0.1 , ≤ 1.15.0
(semver)
|
Credits
Stefan Schiller (Sonar)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://allura.apache.org/posts/2023-allura-1.16.0.html"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/hqk0vltl7qgrq215zgwjfoj0khbov0gx"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T20:12:19.673700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T20:12:28.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Allura",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.15.0",
"status": "affected",
"version": "1.0.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Stefan Schiller (Sonar)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eAllura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them.\u0026nbsp; Exposing internal files then can lead to other exploits, like session hijacking, or remote code execution.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue affects Apache Allura from 1.0.1 through 1.15.0.\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.16.0, which fixes the issue.\u0026nbsp; If you are unable to upgrade, set \"disable_entry_points.allura.importers = forge-tracker, forge-discussion\" in your .ini config file.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them.\u00a0 Exposing internal files then can lead to other exploits, like session hijacking, or remote code execution.\n\nThis issue affects Apache Allura from 1.0.1 through 1.15.0.\n\nUsers are recommended to upgrade to version 1.16.0, which fixes the issue.\u00a0 If you are unable to upgrade, set \"disable_entry_points.allura.importers = forge-tracker, forge-discussion\" in your .ini config file.\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "critical"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-07T08:56:35.172Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://allura.apache.org/posts/2023-allura-1.16.0.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/hqk0vltl7qgrq215zgwjfoj0khbov0gx"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Allura: sensitive information exposure via import",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-46851",
"datePublished": "2023-11-07T08:56:35.172Z",
"dateReserved": "2023-10-27T16:19:54.325Z",
"dateUpdated": "2024-09-04T20:12:28.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1319 (GCVE-0-2018-1319)
Vulnerability from cvelistv5 – Published: 2018-03-15 20:00 – Updated: 2024-09-17 01:41
VLAI?
Summary
In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victim's browsing session.
Severity ?
No CVSS data available.
CWE
- HTTP response splitting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Allura |
Affected:
prior to 1.8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:37.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[dev] 20180315 [SECURITY] CVE-2018-1319 Apache Allura HTTP response splitting",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/22b74bc4002091157ec2bddf9fa3b7643ffaa77aa6cb85562f0e30da%40%3Cdev.allura.apache.org%3E"
},
{
"name": "103434",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103434"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Allura",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "prior to 1.8.1"
}
]
}
],
"datePublic": "2018-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victim\u0027s browsing session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTTP response splitting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-20T09:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[dev] 20180315 [SECURITY] CVE-2018-1319 Apache Allura HTTP response splitting",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/22b74bc4002091157ec2bddf9fa3b7643ffaa77aa6cb85562f0e30da%40%3Cdev.allura.apache.org%3E"
},
{
"name": "103434",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103434"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-03-15T00:00:00",
"ID": "CVE-2018-1319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Allura",
"version": {
"version_data": [
{
"version_value": "prior to 1.8.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victim\u0027s browsing session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP response splitting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[dev] 20180315 [SECURITY] CVE-2018-1319 Apache Allura HTTP response splitting",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/22b74bc4002091157ec2bddf9fa3b7643ffaa77aa6cb85562f0e30da@%3Cdev.allura.apache.org%3E"
},
{
"name": "103434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103434"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-1319",
"datePublished": "2018-03-15T20:00:00Z",
"dateReserved": "2017-12-07T00:00:00",
"dateUpdated": "2024-09-17T01:41:55.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1299 (GCVE-0-2018-1299)
Vulnerability from cvelistv5 – Published: 2018-02-06 19:00 – Updated: 2024-09-16 21:07
VLAI?
Summary
In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura vulnerable.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Allura |
Affected:
1.0.0 to 1.7.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:37.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://allura.apache.org/posts/2018-allura-1.8.0.html"
},
{
"name": "[dev] 20180206 [SECURITY] CVE-2018-1299 Apache Allura directory traversal vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b52069073cf3cb0f84c9e1e2b34d411fc163af39e4f3e50712ac8a4d%40%3Cdev.allura.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Allura",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.0.0 to 1.7.0"
}
]
}
],
"datePublic": "2018-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura vulnerable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-06T18:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://allura.apache.org/posts/2018-allura-1.8.0.html"
},
{
"name": "[dev] 20180206 [SECURITY] CVE-2018-1299 Apache Allura directory traversal vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b52069073cf3cb0f84c9e1e2b34d411fc163af39e4f3e50712ac8a4d%40%3Cdev.allura.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-02-06T00:00:00",
"ID": "CVE-2018-1299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Allura",
"version": {
"version_data": [
{
"version_value": "1.0.0 to 1.7.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://allura.apache.org/posts/2018-allura-1.8.0.html",
"refsource": "CONFIRM",
"url": "https://allura.apache.org/posts/2018-allura-1.8.0.html"
},
{
"name": "[dev] 20180206 [SECURITY] CVE-2018-1299 Apache Allura directory traversal vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b52069073cf3cb0f84c9e1e2b34d411fc163af39e4f3e50712ac8a4d@%3Cdev.allura.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-1299",
"datePublished": "2018-02-06T19:00:00Z",
"dateReserved": "2017-12-07T00:00:00",
"dateUpdated": "2024-09-16T21:07:54.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38379 (GCVE-0-2024-38379)
Vulnerability from nvd – Published: 2024-06-22 09:09 – Updated: 2025-03-19 14:35
VLAI?
Title
Apache Allura: Stored authenticated XSS
Summary
Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted.
This issue affects Apache Allura: from 1.4.0 through 1.17.0.
Users are recommended to upgrade to version 1.17.1, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Allura |
Affected:
1.4.0 , ≤ 1.17.0
(semver)
|
Credits
Ömer "WASP" Akincir
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-22T16:26:00.794232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T14:35:10.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-13T16:03:27.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/2lb6vp00sj2b2snpmhff5lyortxjsnrp"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/06/21/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Allura",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.17.0",
"status": "affected",
"version": "1.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u00d6mer \"WASP\" Akincir "
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eApache Allura\u0027s neighborhood settings are vulnerable to a stored XSS attack.\u0026nbsp; Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Apache Allura: from 1.4.0 through 1.17.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.17.1, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Apache Allura\u0027s neighborhood settings are vulnerable to a stored XSS attack.\u00a0 Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted.\n\nThis issue affects Apache Allura: from 1.4.0 through 1.17.0.\n\nUsers are recommended to upgrade to version 1.17.1, which fixes the issue.\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-22T09:09:32.464Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/2lb6vp00sj2b2snpmhff5lyortxjsnrp"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Allura: Stored authenticated XSS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-38379",
"datePublished": "2024-06-22T09:09:32.464Z",
"dateReserved": "2024-06-14T14:41:30.189Z",
"dateUpdated": "2025-03-19T14:35:10.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36471 (GCVE-0-2024-36471)
Vulnerability from nvd – Published: 2024-06-10 21:55 – Updated: 2024-09-13 16:03
VLAI?
Title
Apache Allura: sensitive information exposure via DNS rebinding
Summary
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them.
This issue affects Apache Allura from 1.0.1 through 1.16.0.
Users are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set "disable_entry_points.allura.importers = forge-tracker, forge-discussion" in your .ini config file.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Allura |
Affected:
1.0.1 , ≤ 1.16.0
(semver)
|
Credits
truff https://x.com/truffzor
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:allura:1.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "allura",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "1.16.0",
"status": "affected",
"version": "1.0.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36471",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T17:34:29.289181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T17:34:55.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-13T16:03:21.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/g43164t4bcp0tjwt4opxyks4svm8kvbh"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/06/10/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Allura",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.16.0",
"status": "affected",
"version": "1.0.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "truff https://x.com/truffzor"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eImport functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL.\u0026nbsp; Project administrators can run these imports, which could cause Allura to read from internal services and expose them.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue affects Apache Allura from 1.0.1 through 1.16.0.\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set \"disable_entry_points.allura.importers = forge-tracker, forge-discussion\" in your .ini config file.\u003cbr\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL.\u00a0 Project administrators can run these imports, which could cause Allura to read from internal services and expose them.\n\nThis issue affects Apache Allura from 1.0.1 through 1.16.0.\n\nUsers are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set \"disable_entry_points.allura.importers = forge-tracker, forge-discussion\" in your .ini config file.\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T21:55:06.170Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/g43164t4bcp0tjwt4opxyks4svm8kvbh"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Allura: sensitive information exposure via DNS rebinding",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-36471",
"datePublished": "2024-06-10T21:55:06.170Z",
"dateReserved": "2024-05-28T15:56:51.451Z",
"dateUpdated": "2024-09-13T16:03:21.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46851 (GCVE-0-2023-46851)
Vulnerability from nvd – Published: 2023-11-07 08:56 – Updated: 2024-09-04 20:12
VLAI?
Title
Apache Allura: sensitive information exposure via import
Summary
Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them. Exposing internal files then can lead to other exploits, like session hijacking, or remote code execution.
This issue affects Apache Allura from 1.0.1 through 1.15.0.
Users are recommended to upgrade to version 1.16.0, which fixes the issue. If you are unable to upgrade, set "disable_entry_points.allura.importers = forge-tracker, forge-discussion" in your .ini config file.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Allura |
Affected:
1.0.1 , ≤ 1.15.0
(semver)
|
Credits
Stefan Schiller (Sonar)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://allura.apache.org/posts/2023-allura-1.16.0.html"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/hqk0vltl7qgrq215zgwjfoj0khbov0gx"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T20:12:19.673700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T20:12:28.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Allura",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.15.0",
"status": "affected",
"version": "1.0.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Stefan Schiller (Sonar)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eAllura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them.\u0026nbsp; Exposing internal files then can lead to other exploits, like session hijacking, or remote code execution.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue affects Apache Allura from 1.0.1 through 1.15.0.\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.16.0, which fixes the issue.\u0026nbsp; If you are unable to upgrade, set \"disable_entry_points.allura.importers = forge-tracker, forge-discussion\" in your .ini config file.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them.\u00a0 Exposing internal files then can lead to other exploits, like session hijacking, or remote code execution.\n\nThis issue affects Apache Allura from 1.0.1 through 1.15.0.\n\nUsers are recommended to upgrade to version 1.16.0, which fixes the issue.\u00a0 If you are unable to upgrade, set \"disable_entry_points.allura.importers = forge-tracker, forge-discussion\" in your .ini config file.\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "critical"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-07T08:56:35.172Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://allura.apache.org/posts/2023-allura-1.16.0.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/hqk0vltl7qgrq215zgwjfoj0khbov0gx"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Allura: sensitive information exposure via import",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-46851",
"datePublished": "2023-11-07T08:56:35.172Z",
"dateReserved": "2023-10-27T16:19:54.325Z",
"dateUpdated": "2024-09-04T20:12:28.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1319 (GCVE-0-2018-1319)
Vulnerability from nvd – Published: 2018-03-15 20:00 – Updated: 2024-09-17 01:41
VLAI?
Summary
In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victim's browsing session.
Severity ?
No CVSS data available.
CWE
- HTTP response splitting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Allura |
Affected:
prior to 1.8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:37.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[dev] 20180315 [SECURITY] CVE-2018-1319 Apache Allura HTTP response splitting",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/22b74bc4002091157ec2bddf9fa3b7643ffaa77aa6cb85562f0e30da%40%3Cdev.allura.apache.org%3E"
},
{
"name": "103434",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103434"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Allura",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "prior to 1.8.1"
}
]
}
],
"datePublic": "2018-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victim\u0027s browsing session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTTP response splitting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-20T09:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[dev] 20180315 [SECURITY] CVE-2018-1319 Apache Allura HTTP response splitting",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/22b74bc4002091157ec2bddf9fa3b7643ffaa77aa6cb85562f0e30da%40%3Cdev.allura.apache.org%3E"
},
{
"name": "103434",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103434"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-03-15T00:00:00",
"ID": "CVE-2018-1319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Allura",
"version": {
"version_data": [
{
"version_value": "prior to 1.8.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victim\u0027s browsing session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP response splitting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[dev] 20180315 [SECURITY] CVE-2018-1319 Apache Allura HTTP response splitting",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/22b74bc4002091157ec2bddf9fa3b7643ffaa77aa6cb85562f0e30da@%3Cdev.allura.apache.org%3E"
},
{
"name": "103434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103434"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-1319",
"datePublished": "2018-03-15T20:00:00Z",
"dateReserved": "2017-12-07T00:00:00",
"dateUpdated": "2024-09-17T01:41:55.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1299 (GCVE-0-2018-1299)
Vulnerability from nvd – Published: 2018-02-06 19:00 – Updated: 2024-09-16 21:07
VLAI?
Summary
In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura vulnerable.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Allura |
Affected:
1.0.0 to 1.7.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:37.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://allura.apache.org/posts/2018-allura-1.8.0.html"
},
{
"name": "[dev] 20180206 [SECURITY] CVE-2018-1299 Apache Allura directory traversal vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b52069073cf3cb0f84c9e1e2b34d411fc163af39e4f3e50712ac8a4d%40%3Cdev.allura.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Allura",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.0.0 to 1.7.0"
}
]
}
],
"datePublic": "2018-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura vulnerable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-06T18:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://allura.apache.org/posts/2018-allura-1.8.0.html"
},
{
"name": "[dev] 20180206 [SECURITY] CVE-2018-1299 Apache Allura directory traversal vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b52069073cf3cb0f84c9e1e2b34d411fc163af39e4f3e50712ac8a4d%40%3Cdev.allura.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-02-06T00:00:00",
"ID": "CVE-2018-1299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Allura",
"version": {
"version_data": [
{
"version_value": "1.0.0 to 1.7.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://allura.apache.org/posts/2018-allura-1.8.0.html",
"refsource": "CONFIRM",
"url": "https://allura.apache.org/posts/2018-allura-1.8.0.html"
},
{
"name": "[dev] 20180206 [SECURITY] CVE-2018-1299 Apache Allura directory traversal vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b52069073cf3cb0f84c9e1e2b34d411fc163af39e4f3e50712ac8a4d@%3Cdev.allura.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-1299",
"datePublished": "2018-02-06T19:00:00Z",
"dateReserved": "2017-12-07T00:00:00",
"dateUpdated": "2024-09-16T21:07:54.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}