Apache Software Foundation Archiva 2.2.4

CPE Details

Apache Software Foundation Archiva 2.2.4
apache
archiva
2.2.4
2019-05-01
13h30 +00:00
2019-05-01
13h30 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:apache:archiva:2.2.4:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

archiva

Version

2.2.4

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-28158 2023-03-29 12h21 +00:00 Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.
6.5
Moyen
CVE-2022-40308 2022-11-14 23h00 +00:00 If anonymous read enabled, it's possible to read the database file directly without logging in.
7.5
Haute
CVE-2022-40309 2022-11-14 23h00 +00:00 Users with write permissions to a repository can delete arbitrary directories.
4.3
Moyen
CVE-2022-29405 2022-05-25 05h15 +00:00 In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8
6.5
Moyen
CVE-2020-9495 2020-06-19 16h59 +00:00 Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects.
5.3
Moyen