CVE-2024-27140 |
BDSA-2024-0505 |
|
Mar 01, 2024 |
** UNSUPPORTED WHEN ASSIGNED **
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva.
more...
** UNSUPPORTED WHEN ASSIGNED **
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva.
This issue affects Apache Archiva: from 2.0.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure a HTTP proxy in front of your Archiva instance to only forward requests that do not have malicious characters in the URL.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
less...
|
2.2.10, 2.2.9, 2.2.8, 2.2.7, 2.2.6, 2.2.3, 2.2.1, 2.2.0, 2.1.1, 2.1.0
|
CVE-2024-27139 |
BDSA-2024-0504 |
|
Mar 01, 2024 |
** UNSUPPORTED WHEN ASSIGNED **
Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated a
more...
** UNSUPPORTED WHEN ASSIGNED **
Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover.
This issue affects Apache Archiva: from 2.0.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
less...
|
2.2.10, 2.2.9, 2.2.8, 2.2.7, 2.2.6, 2.2.3, 2.2.1, 2.2.0, 2.1.1, 2.1.0
|
CVE-2024-27138 |
BDSA-2024-0503 |
|
Mar 01, 2024 |
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva.
Apache Archiva has a setting to disable user registration, ho
more...
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva.
Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer
less...
|
2.2.10, 2.2.9, 2.2.8, 2.2.7, 2.2.6, 2.2.3, 2.2.1, 2.2.0, 2.1.1, 2.1.0
|