Every CVE whose affected-product data names Apache Allura, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2018-1299 — CVSS 7.5 (high): In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers…
CVE-2024-36471 — CVSS 7.5 (high): Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run…
CVE-2018-1319 — CVSS 6.1 (medium): In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted…
CVE-2019-10085 — CVSS 6.1 (medium): In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The…
CVE-2023-46851 — CVSS 4.9 (medium): Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these…
CVE-2024-38379 — CVSS 4.8 (medium): Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the…