All the vulnerabilites related to Apache Software Foundation - Apache Archiva
cve-2017-5657
Vulnerability from cvelistv5
Published
2017-05-22 18:00
Modified
2024-08-05 15:11
Severity ?
EPSS score ?
Summary
Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the archiva site, may send an HTML response that performs arbitrary actions on archiva services, with the same rights as the active archiva session (e.g. administrator rights).
References
| ▼ | URL | Tags |
|---|---|---|
| http://archiva.apache.org/security.html#CVE-2017-5657 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98570 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1038528 | vdb-entry, x_refsource_SECTRACK | |
| https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Archiva |
Version: 1.x Version: 2.0.0, 2.0.1 Version: 2.1.0, 2.1.1 Version: 2.2.0, 2.2.1, 2.2.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://archiva.apache.org/security.html#CVE-2017-5657"
},
{
"name": "98570",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98570"
},
{
"name": "1038528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038528"
},
{
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Archiva",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.x"
},
{
"status": "affected",
"version": "2.0.0, 2.0.1"
},
{
"status": "affected",
"version": "2.1.0, 2.1.1"
},
{
"status": "affected",
"version": "2.2.0, 2.2.1, 2.2.2"
}
]
}
],
"datePublic": "2017-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the archiva site, may send an HTML response that performs arbitrary actions on archiva services, with the same rights as the active archiva session (e.g. administrator rights)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Apache Archiva CSRF vulnerabilities for various REST endpoints",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-16T17:06:06",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://archiva.apache.org/security.html#CVE-2017-5657"
},
{
"name": "98570",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98570"
},
{
"name": "1038528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038528"
},
{
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-5657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Archiva",
"version": {
"version_data": [
{
"version_value": "1.x"
},
{
"version_value": "2.0.0, 2.0.1"
},
{
"version_value": "2.1.0, 2.1.1"
},
{
"version_value": "2.2.0, 2.2.1, 2.2.2"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the archiva site, may send an HTML response that performs arbitrary actions on archiva services, with the same rights as the active archiva session (e.g. administrator rights)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Apache Archiva CSRF vulnerabilities for various REST endpoints"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://archiva.apache.org/security.html#CVE-2017-5657",
"refsource": "CONFIRM",
"url": "http://archiva.apache.org/security.html#CVE-2017-5657"
},
{
"name": "98570",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98570"
},
{
"name": "1038528",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038528"
},
{
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2017-5657",
"datePublished": "2017-05-22T18:00:00",
"dateReserved": "2017-01-29T00:00:00",
"dateUpdated": "2024-08-05T15:11:48.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29405
Vulnerability from cvelistv5
Published
2022-05-25 07:15
Modified
2024-08-03 06:17
Severity ?
EPSS score ?
Summary
In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8
References
| ▼ | URL | Tags |
|---|---|---|
| https://archiva.apache.org/docs/2.2.8/release-notes.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Archiva |
Version: 2.2 < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:55.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://archiva.apache.org/docs/2.2.8/release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Archiva",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.2.7",
"status": "affected",
"version": "2.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Apache Archiva Arbitrary user password reset vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-25T07:15:11",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://archiva.apache.org/docs/2.2.8/release-notes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Archiva Arbitrary user password reset vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-29405",
"STATE": "PUBLIC",
"TITLE": "Apache Archiva Arbitrary user password reset vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Archiva",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.2",
"version_value": "2.2.7"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Apache Archiva Arbitrary user password reset vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://archiva.apache.org/docs/2.2.8/release-notes.html",
"refsource": "MISC",
"url": "https://archiva.apache.org/docs/2.2.8/release-notes.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-29405",
"datePublished": "2022-05-25T07:15:11",
"dateReserved": "2022-04-18T00:00:00",
"dateUpdated": "2024-08-03T06:17:55.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-27139
Vulnerability from cvelistv5
Published
2024-03-01 15:40
Modified
2024-08-02 00:27
Severity ?
EPSS score ?
Summary
** UNSUPPORTED WHEN ASSIGNED **
Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover.
This issue affects Apache Archiva: from 2.0.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Archiva |
Version: 2.0.0 ≤ * |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache_software_foundation:apache_archiva:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apache_archiva",
"vendor": "apache_software_foundation",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T15:21:13.533716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T14:19:12.809Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/qr8b7r86p1hkn0dc0q827s981kf1bgd8"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/01/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Archiva",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "1uHrm of cyberkl"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "** UNSUPPORTED WHEN ASSIGNED **\u003cbr\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eIncorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover.\u003cbr\u003e\u003c/div\u003e\u003cp\u003eThis issue affects Apache Archiva: from 2.0.0.\u003c/p\u003e\u003cp\u003eAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "** UNSUPPORTED WHEN ASSIGNED **\n\nIncorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover.\n\nThis issue affects Apache Archiva: from 2.0.0.\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-01T15:40:49.893Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/qr8b7r86p1hkn0dc0q827s981kf1bgd8"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/01/3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Apache Archiva: incorrect authentication potentially leading to account takeover",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-27139",
"datePublished": "2024-03-01T15:40:49.893Z",
"dateReserved": "2024-02-20T15:54:30.546Z",
"dateUpdated": "2024-08-02T00:27:59.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40308
Vulnerability from cvelistv5
Published
2022-11-15 00:00
Modified
2024-08-03 12:14
Severity ?
EPSS score ?
Summary
If anonymous read enabled, it's possible to read the database file directly without logging in.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Archiva |
Version: Apache Archiva < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:40.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/x01pnn0jjsw512cscxsbxzrjmz64n4cc"
},
{
"name": "[oss-security] 20221115 CVE-2022-40308: Apache Archiva prior to 2.2.9 may allow the anonymous user to read arbitrary files",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/15/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Archiva",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.2.8",
"status": "affected",
"version": "Apache Archiva",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to L3yx of Syclover Security Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "If anonymous read enabled, it\u0027s possible to read the database file directly without logging in."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary file read vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-15T00:00:00",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://lists.apache.org/thread/x01pnn0jjsw512cscxsbxzrjmz64n4cc"
},
{
"name": "[oss-security] 20221115 CVE-2022-40308: Apache Archiva prior to 2.2.9 may allow the anonymous user to read arbitrary files",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/15/2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Archiva prior to 2.2.9 may allow the anonymous user to read arbitrary files",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-40308",
"datePublished": "2022-11-15T00:00:00",
"dateReserved": "2022-09-09T00:00:00",
"dateUpdated": "2024-08-03T12:14:40.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-27140
Vulnerability from cvelistv5
Published
2024-03-01 15:40
Modified
2024-12-04 21:06
Severity ?
EPSS score ?
Summary
** UNSUPPORTED WHEN ASSIGNED **
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva.
This issue affects Apache Archiva: from 2.0.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure a HTTP proxy in front of your Archiva instance to only forward requests that do not have malicious characters in the URL.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Archiva |
Version: 2.0.0 ≤ * |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/xrn6nt904ozh3jym60c3f5hj2fb75pjy"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/01/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T20:53:57.523304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T21:06:42.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Archiva",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "sandr0 / Sandro Bauer (sandr0.xyz)"
},
{
"lang": "en",
"type": "finder",
"value": "BTullis / Ben Tullis (wikimedia.org)"
},
{
"lang": "en",
"type": "finder",
"value": "sbassett / Scott Bassett (wikimedia.org)"
},
{
"lang": "en",
"type": "finder",
"value": "L0ne1y"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e** UNSUPPORTED WHEN ASSIGNED **\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eImproper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Apache Archiva.\u003c/div\u003e\u003cp\u003eThis issue affects Apache Archiva: from 2.0.0.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure a HTTP proxy in front of your Archiva instance to only forward requests that do not have malicious characters in the URL.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "** UNSUPPORTED WHEN ASSIGNED **\n\nImproper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Apache Archiva.\n\nThis issue affects Apache Archiva: from 2.0.0.\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure a HTTP proxy in front of your Archiva instance to only forward requests that do not have malicious characters in the URL.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-01T15:40:08.456Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/xrn6nt904ozh3jym60c3f5hj2fb75pjy"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/01/2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Apache Archiva: reflected XSS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-27140",
"datePublished": "2024-03-01T15:40:08.456Z",
"dateReserved": "2024-02-20T15:56:43.961Z",
"dateUpdated": "2024-12-04T21:06:42.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-27138
Vulnerability from cvelistv5
Published
2024-03-01 15:41
Modified
2024-08-21 20:39
Severity ?
EPSS score ?
Summary
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva.
Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Archiva |
Version: 2.0.0 ≤ * |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/070qcpclcb3sqk1hn8j5lvzohp30k1m2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/01/4"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "archiva",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T20:35:32.425736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:39:03.401Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Archiva",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Florian Hauser, @frycos"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eApache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users.\u003cbr\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003eNOTE: This vulnerability only affects products that are no longer supported by the maintainer\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva.\n\nApache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-01T15:41:12.677Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/070qcpclcb3sqk1hn8j5lvzohp30k1m2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/01/4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Apache Archiva: disabling user registration is not effective",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-27138",
"datePublished": "2024-03-01T15:41:12.677Z",
"dateReserved": "2024-02-20T15:31:32.266Z",
"dateUpdated": "2024-08-21T20:39:03.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40309
Vulnerability from cvelistv5
Published
2022-11-15 00:00
Modified
2024-08-03 12:14
Severity ?
EPSS score ?
Summary
Users with write permissions to a repository can delete arbitrary directories.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Archiva |
Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:40.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/1odl4p85r96n27k577jk6ftrp19xfc27"
},
{
"name": "[oss-security] 20221115 CVE-2022-40309: Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/15/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Archiva",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to L3yx of Syclover Security Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "Users with write permissions to a repository can delete arbitrary directories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary directory deletion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-15T00:00:00",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://lists.apache.org/thread/1odl4p85r96n27k577jk6ftrp19xfc27"
},
{
"name": "[oss-security] 20221115 CVE-2022-40309: Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/15/3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-40309",
"datePublished": "2022-11-15T00:00:00",
"dateReserved": "2022-09-09T00:00:00",
"dateUpdated": "2024-08-03T12:14:40.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28158
Vulnerability from cvelistv5
Published
2023-03-29 12:21
Modified
2024-10-23 15:12
Severity ?
EPSS score ?
Summary
Privilege escalation via stored XSS using the file upload service to upload malicious content.
The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Archiva |
Version: 2.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/18/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T15:12:27.939865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T15:12:35.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Archiva",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.2.10",
"status": "affected",
"version": "2.0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "sandr0 (sandr0.xyz) "
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Privilege escalation via stored XSS using the file upload service to upload malicious content.\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Privilege escalation via stored XSS using the file upload service to upload malicious content.\nThe issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T12:21:46.932Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/04/18/2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Archiva privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-28158",
"datePublished": "2023-03-29T12:21:46.932Z",
"dateReserved": "2023-03-13T02:37:38.879Z",
"dateUpdated": "2024-10-23T15:12:35.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}