Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Archiva
(Apache)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-05-25 | CVE-2022-29405 | In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8 | Archiva | 6.5 | ||
| 2023-03-29 | CVE-2023-28158 | Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user. | Archiva | 5.4 | ||
| 2022-11-15 | CVE-2022-40308 | If anonymous read enabled, it's possible to read the database file directly without logging in. | Archiva | 7.5 | ||
| 2022-11-15 | CVE-2022-40309 | Users with write permissions to a repository can delete arbitrary directories. | Archiva | 4.3 | ||
| 2014-04-22 | CVE-2013-2187 | Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page. | Archiva | N/A | ||
| 2011-06-02 | CVE-2011-1077 | Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Archiva | N/A | ||
| 2011-06-02 | CVE-2011-1026 | Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators. | Archiva | N/A |