Description

In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised.

Remediation

References

https://seclists.org/bugtraq/2019/Apr/47

http://www.openwall.com/lists/oss-security/2019/04/30/7

http://packetstormsecurity.com/files/152681/Apache-Archiva-2.2.3-Cross-Site-Scripting.html

http://archiva.apache.org/security.html#CVE-2019-0213

http://www.securityfocus.com/bid/108123

https://lists.apache.org/thread.html/c358754a35473a61477f9d487870581a0dd7054ff95974628fa09f97%40%3Cusers.maven.apache.org%3E

https://lists.apache.org/thread.html/0397ddbd17b5257cc1746b31a07294a87221c5ca24e5d19d390e28f3%40%3Cusers.archiva.apache.org%3E

https://lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb%40%3Cissues.archiva.apache.org%3E

https://lists.apache.org/thread.html/7bcea134c3d6fa72cdc1052922ac0914f399f63f4690b7937b80127d%40%3Cannounce.apache.org%3E

Related Vulnerabilities

CVE-2023-40816 Vulnerability in maven package org.opencrx:opencrx-core-models

CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on

CVE-2019-20444 Vulnerability in maven package io.netty:netty-all

CVE-2013-2251 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2018-12023 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Mailing List Third Party Advisory VDB Entry Vendor Advisory