Description

In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised.

Remediation

References

http://archiva.apache.org/security.html#CVE-2019-0213

http://packetstormsecurity.com/files/152681/Apache-Archiva-2.2.3-Cross-Site-Scripting.html

http://www.openwall.com/lists/oss-security/2019/04/30/7

http://www.securityfocus.com/bid/108123

https://lists.apache.org/thread.html/0397ddbd17b5257cc1746b31a07294a87221c5ca24e5d19d390e28f3%40%3Cusers.archiva.apache.org%3E

https://lists.apache.org/thread.html/7bcea134c3d6fa72cdc1052922ac0914f399f63f4690b7937b80127d%40%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb%40%3Cissues.archiva.apache.org%3E

https://lists.apache.org/thread.html/c358754a35473a61477f9d487870581a0dd7054ff95974628fa09f97%40%3Cusers.maven.apache.org%3E

https://seclists.org/bugtraq/2019/Apr/47

Related Vulnerabilities

CVE-2023-49652 Vulnerability in maven package org.jenkins-ci.plugins:google-compute-engine

CVE-2023-39155 Vulnerability in maven package org.jenkins-ci.plugins:chef-identity

CVE-2018-1000153 Vulnerability in maven package org.jenkins-ci.plugins:vsphere-cloud

CVE-2021-43308 Vulnerability in npm package markdown-link-extractor

CVE-2022-21671 Vulnerability in npm package @replit/crosis

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Vendor Advisory Third Party Advisory VDB Entry Mailing List