CVE-2019-0214

CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.5MEDIUM

EPSS

1.6%

top 18.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Archiva Apache Apache Archiva

Timeline

PublishedApr 30

Latest updateMay 14

Description

In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶Mavenorg.apache.archiva:archiva2.2.0 — 2.2.4

▶NVDapache/archiva1.2 — 1.3.9+1

▶CVEListV5apache/apache_archivaAll versions prior to version 2.2.4

🔴Vulnerability Details

OSV

Improper Input Validation in Apache Archiva↗2019-05-14

▶

GHSA

Improper Input Validation in Apache Archiva↗2019-05-14

▶

CVEList

CVE-2019-0214: In Apache Archiva 2↗2019-04-30

▶