org.apache.archiva:archiva (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.archiva:archiva, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2017-5657 — CVSS 8.0 (high): Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site…
CVE-2024-27139 — CVSS 7.5 (high): ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an…
CVE-2024-27138 — CVSS 7.5 (high): ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user…
CVE-2010-4408 — CVSS 6.8 (medium): Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's…
CVE-2022-29405 — CVSS 6.5 (medium): In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8
CVE-2019-0214 — CVSS 6.5 (medium): In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload…
CVE-2019-0213 — CVSS 6.5 (medium): In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The…
CVE-2023-28158 — CVSS 6.5 (medium): Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by…
CVE-2020-9495 — CVSS 5.3 (medium): Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the…
CVE-2016-5005 — CVSS 4.8 (medium): Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary…
CVE-2011-0533 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3…