Apache Archiva vulnerabilities
2 known vulnerabilities affecting apache/apache_archiva.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 2
Vulnerabilities
CVE-2019-0213 | MEDIUM | CVSS 6.5 | CWE-79 | All versions prior to version 2.2.4 | 2019-04-30
In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised.
Sources: cvelistv5, nvd
CVE-2019-0214 | MEDIUM | CVSS 6.5 | All versions prior to version 2.2.4 | 2019-04-30
In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.
Sources: cvelistv5, nvd