Apache Software Foundation Archiva 2.2.4

CPE Details

Apache Software Foundation Archiva 2.2.4
apache
archiva
2.2.4
2019-05-01
13h30 +00:00
2019-05-01
13h30 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:apache:archiva:2.2.4:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

archiva

Version

2.2.4

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-28158 2023-03-29 12h21 +00:00 Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.
6.5
Medium
CVE-2022-40308 2022-11-14 23h00 +00:00 If anonymous read enabled, it's possible to read the database file directly without logging in.
7.5
High
CVE-2022-40309 2022-11-14 23h00 +00:00 Users with write permissions to a repository can delete arbitrary directories.
4.3
Medium
CVE-2022-29405 2022-05-25 05h15 +00:00 In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8
6.5
Medium
CVE-2020-9495 2020-06-19 16h59 +00:00 Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects.
5.3
Medium