cvelistv5 - cve-2023-28158

CVE-2023-28158 (GCVE-0-2023-28158)

Vulnerability from cvelistv5 – Published: 2023-03-29 12:21 – Updated: 2025-02-13 16:45

Summary

Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

apache

References

URL

Tags

	https://lists.apache.org/thread/8pm6d5y9cptznm0bd…	vendor-advisory
	http://www.openwall.com/lists/oss-security/2023/04/18/2

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Archiva	Affected: 2.0 , < 2.2.10 (maven)

Credits

sandr0 (sandr0.xyz)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:30:24.174Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/04/18/2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28158",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T15:12:27.939865Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-23T15:12:35.785Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Archiva",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.2.10",
              "status": "affected",
              "version": "2.0",
              "versionType": "maven"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "sandr0 (sandr0.xyz)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Privilege escalation via stored XSS using the file upload service to upload malicious content.\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "Privilege escalation via stored XSS using the file upload service to upload malicious content.\nThe issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-18T02:06:24.671Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/04/18/2"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Archiva privilege escalation",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-28158",
    "datePublished": "2023-03-29T12:21:46.932Z",
    "dateReserved": "2023-03-13T02:37:38.879Z",
    "dateUpdated": "2025-02-13T16:45:40.751Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0\", \"versionEndExcluding\": \"2.2.10\", \"matchCriteriaId\": \"95454E36-5438-4F8A-BB13-073645DAA1C4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Privilege escalation via stored XSS using the file upload service to upload malicious content.\\nThe issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.\\n\\n\"}]",
      "id": "CVE-2023-28158",
      "lastModified": "2024-11-21T07:54:30.337",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 3.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}]}",
      "published": "2023-03-29T13:15:08.313",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2023/04/18/2\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/04/18/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-28158\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-03-29T13:15:08.313\",\"lastModified\":\"2025-02-13T17:16:14.527\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Privilege escalation via stored XSS using the file upload service to upload malicious content.\\nThe issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.3,\"impactScore\":3.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0\",\"versionEndExcluding\":\"2.2.10\",\"matchCriteriaId\":\"95454E36-5438-4F8A-BB13-073645DAA1C4\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/04/18/2\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/04/18/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/04/18/2\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T12:30:24.174Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-28158\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-23T15:12:27.939865Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-23T15:12:32.825Z\"}}], \"cna\": {\"title\": \"Apache Archiva privilege escalation\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"sandr0 (sandr0.xyz)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Archiva\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0\", \"lessThan\": \"2.2.10\", \"versionType\": \"maven\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/04/18/2\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Privilege escalation via stored XSS using the file upload service to upload malicious content.\\nThe issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Privilege escalation via stored XSS using the file upload service to upload malicious content.\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eThe issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2023-04-18T02:06:24.671Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-28158\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T16:45:40.751Z\", \"dateReserved\": \"2023-03-13T02:37:38.879Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2023-03-29T12:21:46.932Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2023-23556

Vulnerability from cnvd - Published: 2023-04-03

Title

Apache Archiva跨站脚本漏洞（CNVD-2023-23556）

Description

Apache Archiva是美国阿帕奇（Apache）基金会的一套用于管理一个或多个远程存储的软件。该软件提供远程Repository代理、基于角色的安全访问管理和使用情况报告等功能。 Apache Archiva 2.0至2.2.10之前版本存在跨站脚本漏洞。该漏洞创建目录名称对用户提供的数据缺乏有效过滤与转义，攻击者可利用该漏洞通过注入精心设计的有效载荷执行任意Web脚本或HTML。

Severity

中

Patch Name

Apache Archiva跨站脚本漏洞（CNVD-2023-23556）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-28158

Impacted products

Name
Apache Archiva >=2.0，<=2.2.10

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-28158",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-28158"
    }
  },
  "description": "Apache Archiva\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u7528\u4e8e\u7ba1\u7406\u4e00\u4e2a\u6216\u591a\u4e2a\u8fdc\u7a0b\u5b58\u50a8\u7684\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u8fdc\u7a0bRepository\u4ee3\u7406\u3001\u57fa\u4e8e\u89d2\u8272\u7684\u5b89\u5168\u8bbf\u95ee\u7ba1\u7406\u548c\u4f7f\u7528\u60c5\u51b5\u62a5\u544a\u7b49\u529f\u80fd\u3002\n\nApache Archiva 2.0\u81f32.2.10\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u521b\u5efa\u76ee\u5f55\u540d\u79f0\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u7f3a\u4e4f\u6709\u6548\u8fc7\u6ee4\u4e0e\u8f6c\u4e49\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u6ce8\u5165\u7cbe\u5fc3\u8bbe\u8ba1\u7684\u6709\u6548\u8f7d\u8377\u6267\u884c\u4efb\u610fWeb\u811a\u672c\u6216HTML\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-23556",
  "openTime": "2023-04-03",
  "patchDescription": "Apache Archiva\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u7528\u4e8e\u7ba1\u7406\u4e00\u4e2a\u6216\u591a\u4e2a\u8fdc\u7a0b\u5b58\u50a8\u7684\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u8fdc\u7a0bRepository\u4ee3\u7406\u3001\u57fa\u4e8e\u89d2\u8272\u7684\u5b89\u5168\u8bbf\u95ee\u7ba1\u7406\u548c\u4f7f\u7528\u60c5\u51b5\u62a5\u544a\u7b49\u529f\u80fd\u3002\r\n\r\nApache Archiva 2.0\u81f32.2.10\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u521b\u5efa\u76ee\u5f55\u540d\u79f0\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u7f3a\u4e4f\u6709\u6548\u8fc7\u6ee4\u4e0e\u8f6c\u4e49\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u6ce8\u5165\u7cbe\u5fc3\u8bbe\u8ba1\u7684\u6709\u6548\u8f7d\u8377\u6267\u884c\u4efb\u610fWeb\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Archiva\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2023-23556\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Archiva \u003e=2.0\uff0c\u003c=2.2.10"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-28158",
  "serverity": "\u4e2d",
  "submitTime": "2023-03-31",
  "title": "Apache Archiva\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2023-23556\uff09"
}

GHSA-QF34-F43R-GV9P

Vulnerability from github – Published: 2023-03-29 15:30 – Updated: 2023-04-05 19:38

Summary

Apache Archiva vulnerable to privilege escalation via stored cross-site scripting (XSS)

Details

Apache Archiva is vulnerable to privilege escalation vua stored cross-site-scripting using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges, such as an admin user.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.archiva:archiva"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.2.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-28158"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-04-05T19:38:24Z",
    "nvd_published_at": "2023-03-29T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Apache Archiva is vulnerable to privilege escalation vua stored cross-site-scripting using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges, such as an admin user.",
  "id": "GHSA-qf34-f43r-gv9p",
  "modified": "2023-04-05T19:38:24Z",
  "published": "2023-03-29T15:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28158"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/archiva/commit/d62e81c7e75f617cf01d2a75952a2c857758f8c4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/archiva/commit/e7f7e70992d361d8b7a3298ddcdf49dda2fdc842"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/archiva/commit/ee3ee0a18977b67b6997ea8cd023816201059f96"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/archiva"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/archiva/releases/tag/archiva-2.2.10"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/04/18/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Archiva vulnerable to privilege escalation via stored cross-site scripting (XSS)"
}

FKIE_CVE-2023-28158

Vulnerability from fkie_nvd - Published: 2023-03-29 13:15 - Updated: 2025-02-13 17:16

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
security@apache.org	http://www.openwall.com/lists/oss-security/2023/04/18/2
security@apache.org	https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/04/18/2
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt	Mailing List, Vendor Advisory

Impacted products

	Vendor	Product	Version
	apache	archiva	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "95454E36-5438-4F8A-BB13-073645DAA1C4",
              "versionEndExcluding": "2.2.10",
              "versionStartIncluding": "2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Privilege escalation via stored XSS using the file upload service to upload malicious content.\nThe issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user."
    }
  ],
  "id": "CVE-2023-28158",
  "lastModified": "2025-02-13T17:16:14.527",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 3.7,
        "source": "security@apache.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-29T13:15:08.313",
  "references": [
    {
      "source": "security@apache.org",
      "url": "http://www.openwall.com/lists/oss-security/2023/04/18/2"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2023/04/18/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    }
  ]
}

GSD-2023-28158

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-28158

Aliases

CVE-2023-28158

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-28158",
    "id": "GSD-2023-28158"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-28158"
      ],
      "details": "Privilege escalation via stored XSS using the file upload service to upload malicious content.\nThe issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.\n\n",
      "id": "GSD-2023-28158",
      "modified": "2023-12-13T01:20:46.939328Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2023-28158",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Archiva",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "2.0",
                          "version_value": "2.2.10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "sandr0 (sandr0.xyz) "
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Privilege escalation via stored XSS using the file upload service to upload malicious content.\nThe issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-79",
                "lang": "eng",
                "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2023/04/18/2",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2023/04/18/2"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[2.0,2.2.10)",
          "affected_versions": "All versions starting from 2.0 before 2.2.10",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2023-04-18",
          "description": "Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.",
          "fixed_versions": [],
          "identifier": "CVE-2023-28158",
          "identifiers": [
            "CVE-2023-28158"
          ],
          "not_impacted": "",
          "package_slug": "maven/org.apache.archiva/archiva-webapp",
          "pubdate": "2023-03-29",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-28158",
            "https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt"
          ],
          "uuid": "6f8cb5c1-1ccc-4d91-8fd3-0648c37b12f4"
        },
        {
          "affected_range": "[2.0,2.2.10)",
          "affected_versions": "All versions starting from 2.0 before 2.2.10",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2023-04-18",
          "description": "Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.",
          "fixed_versions": [],
          "identifier": "CVE-2023-28158",
          "identifiers": [
            "CVE-2023-28158"
          ],
          "not_impacted": "",
          "package_slug": "maven/org.apache.archiva/archiva",
          "pubdate": "2023-03-29",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-28158",
            "https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt"
          ],
          "uuid": "a0fb5bb6-fa24-4c53-9b53-435e08d41fd1"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.2.10",
                "versionStartIncluding": "2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2023-28158"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Privilege escalation via stored XSS using the file upload service to upload malicious content.\nThe issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.\n\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2023/04/18/2",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2023/04/18/2"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2023-04-18T03:15Z",
      "publishedDate": "2023-03-29T13:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-28158 (GCVE-0-2023-28158)

CNVD-2023-23556

GHSA-QF34-F43R-GV9P

FKIE_CVE-2023-28158

GSD-2023-28158

Tags

Sightings

Nomenclature