Skip to main content

Allura

6 CVEs product

Monthly

CVE-2024-38379 MEDIUM This Month

Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Allura
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2024-36471 HIGH This Week

Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Allura
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-46851 MEDIUM PATCH This Month

Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Apache RCE Allura
NVD
CVSS 3.1
4.9
EPSS
1.6%
CVE-2019-10085 MEDIUM This Month

In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Allura
NVD
CVSS 3.0
6.1
EPSS
5.1%
CVE-2018-1319 MEDIUM This Month

In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Allura
NVD
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-1299 HIGH This Week

In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Nginx Allura
NVD
CVSS 3.0
7.5
EPSS
3.1%
EPSS 1% CVSS 4.8
MEDIUM This Month

Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Allura
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Allura
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Apache RCE Allura
NVD
EPSS 5% CVSS 6.1
MEDIUM This Month

In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Allura
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Allura
NVD
EPSS 3% CVSS 7.5
HIGH This Week

In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Nginx +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy