Description
In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised.
Remediation
References
https://seclists.org/bugtraq/2019/Apr/47
http://www.openwall.com/lists/oss-security/2019/04/30/7
http://packetstormsecurity.com/files/152681/Apache-Archiva-2.2.3-Cross-Site-Scripting.html
http://archiva.apache.org/security.html#CVE-2019-0213
http://www.securityfocus.com/bid/108123
https://lists.apache.org/thread.html/c358754a35473a61477f9d487870581a0dd7054ff95974628fa09f97%40%3Cusers.maven.apache.org%3E
https://lists.apache.org/thread.html/0397ddbd17b5257cc1746b31a07294a87221c5ca24e5d19d390e28f3%40%3Cusers.archiva.apache.org%3E
https://lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb%40%3Cissues.archiva.apache.org%3E
https://lists.apache.org/thread.html/7bcea134c3d6fa72cdc1052922ac0914f399f63f4690b7937b80127d%40%3Cannounce.apache.org%3E
Related Vulnerabilities
CVE-2022-22947 Vulnerability in maven package org.springframework.cloud:spring-cloud-gateway
CVE-2022-47937 Vulnerability in maven package org.apache.sling:org.apache.sling.commons.json
CVE-2021-23434 Vulnerability in npm package object-path
CVE-2023-37958 Vulnerability in maven package org.jenkins-ci.plugins:sumologic-publisher
CVE-2021-21625 Vulnerability in maven package org.jenkins-ci.plugins:aws-credentials