CVE-2024-38379

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
4.8MEDIUM
EPSS
2.3%
top 15.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache AlluraApache Software Foundation Apache Allura
Timeline
PublishedJun 22

Description

Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users are recommended to upgrade to version 1.17.1, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

NVDapache/allura1.4.01.17.1
CVEListV5apache_software_foundation/apache_allura1.4.01.17.0

🔴Vulnerability Details

2
CVEList
Apache Allura: Stored authenticated XSS2024-06-22
GHSA
GHSA-7p4c-c4rq-7g98: Apache Allura's neighborhood settings are vulnerable to a stored XSS attack2024-06-22