Apache Allura

Settings | Report Duplicate

24

I Use This!

Moderate Activity

Analyzed about 1 hour ago. based on code collected about 1 hour ago.

Security

Vulnerabilities per Version

Learn more about BDSAs

Major Versions

click and drag to zoom

Security Vulnerabilities for Version:

Severities:

Type

Identifier	Related Record	Severity	Date Published	Description	Versions Affected
CVE-2024-38379	BDSA-2024-3988	Medium	Jun 22, 2024	Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk more...	1.12.0, 1.11.1, 1.11.0, 1.10.0, 1.9.0, 1.8.1, 1.8.0, 1.7.0, 1.6.0, 1.5.0
CVE-2024-36471	BDSA-2024-3627		Jun 10, 2024	Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these impor more...	1.12.0, 1.11.1, 1.11.0, 1.10.0, 1.9.0, 1.8.1, 1.8.0, 1.7.0, 1.6.0, 1.5.0
CVE-2023-46851		Medium	Nov 07, 2023	Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which more...	1.12.0, 1.11.1, 1.11.0, 1.10.0, 1.9.0, 1.8.1, 1.8.0, 1.7.0, 1.6.0, 1.5.0