Description

In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.

Remediation

References

http://archiva.apache.org/security.html#CVE-2019-0214

http://packetstormsecurity.com/files/152684/Apache-Archiva-2.2.3-File-Write-Delete.html

http://www.openwall.com/lists/oss-security/2019/04/30/8

http://www.securityfocus.com/bid/108124

https://lists.apache.org/thread.html/18b670afc2f83034f47ebeb2f797c350fe60f1f2b33c95b95f467ef8%40%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/239349b6dd8f66cf87a70c287b03af451dea158b776d3dfc550b4f0e%40%3Cusers.maven.apache.org%3E

https://lists.apache.org/thread.html/5851cb0214f22ba681fb445870eeb6b01afd1fb614e45a22978d7dda%40%3Cusers.archiva.apache.org%3E

https://lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb%40%3Cissues.archiva.apache.org%3E

https://seclists.org/bugtraq/2019/Apr/48

Related Vulnerabilities

CVE-2022-36099 Vulnerability in maven package org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki

CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-snowflake

CVE-2021-37942 Vulnerability in maven package co.elastic.apm:elastic-apm-agent

CVE-2021-43801 Vulnerability in npm package mercurius

CVE-2023-25721 Vulnerability in maven package com.veracode.jenkins:veracode-scan

Severity

High

Classification

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Vendor Advisory Mitigation Third Party Advisory VDB Entry Mailing List NVD-CWE-noinfo