Skip to main content

Archiva

14 CVEs product

Monthly

CVE-2024-27140 Maven MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Archiva
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2024-27139 Maven HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Archiva
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-27138 Maven HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Archiva
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-28158 Maven MEDIUM PATCH This Month

Privilege escalation via stored XSS using the file upload service to upload malicious content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation File Upload XSS Archiva
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2022-40309 Maven MEDIUM PATCH This Month

Users with write permissions to a repository can delete arbitrary directories. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Archiva
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2022-40308 Maven HIGH PATCH This Week

If anonymous read enabled, it's possible to read the database file directly without logging in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Archiva
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-29405 Maven MEDIUM PATCH This Month

In Apache Archiva, any registered user can reset password for any users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Archiva
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-9495 Maven MEDIUM PATCH This Month

Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Code Injection Archiva
NVD
CVSS 3.1
5.3
EPSS
8.0%
CVE-2019-0214 Maven MEDIUM PATCH This Month

In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Archiva
NVD
CVSS 3.0
6.5
EPSS
4.9%
CVE-2019-0213 Maven MEDIUM PATCH This Month

In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apache Archiva
NVD
CVSS 3.0
6.5
EPSS
4.9%
CVE-2017-5657 Maven HIGH PATCH This Week

Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Apache Archiva
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2016-5005 Maven MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Apache Archiva
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2016-4469 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Apache Archiva
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.8%
CVE-2013-2187 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Apache Archiva
NVD VulDB
CVSS 2.0
4.3
EPSS
1.1%
EPSS 1% CVSS 5.4
MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Archiva
NVD
EPSS 1% CVSS 7.5
HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Archiva
NVD
EPSS 1% CVSS 7.5
HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Archiva
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Privilege escalation via stored XSS using the file upload service to upload malicious content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation File Upload XSS +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Users with write permissions to a repository can delete arbitrary directories. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Archiva
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

If anonymous read enabled, it's possible to read the database file directly without logging in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Archiva
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

In Apache Archiva, any registered user can reset password for any users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Archiva
NVD
EPSS 8% CVSS 5.3
MEDIUM PATCH This Month

Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Code Injection Archiva
NVD
EPSS 5% CVSS 6.5
MEDIUM PATCH This Month

In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Archiva
NVD
EPSS 5% CVSS 6.5
MEDIUM PATCH This Month

In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apache Archiva
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Apache Archiva
NVD
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Apache Archiva
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Apache Archiva
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Apache Archiva
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy