Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
archiva vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-40308
If anonymous read enabled, it's possible to read the database file directly without logging in.
Apache Archiva
5.5
CVSSv2
CVE-2019-0213
In Apache Archiva prior to 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the brow...
Apache Archiva
4
CVSSv2
CVE-2022-29405
In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8
Apache Archiva
NA
CVE-2022-40309
Users with write permissions to a repository can delete arbitrary directories.
Apache Archiva
3.5
CVSSv2
CVE-2016-5005
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and previous versions allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnector_commit.action.
Apache Archiva
5.5
CVSSv2
CVE-2019-0214
In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.
Apache Archiva
NA
CVE-2016-50052
Apache Archiva version 1.3.9 suffers from a cross site scripting vulnerability.
NA
CVE-2016-50052016
Apache Archiva version 1.3.9 suffers from a cross site scripting vulnerability.
NA
CVE-2016-44692
Apache Archiva version 1.3.9 suffers from a cross site request forgery vulnerability.
NA
CVE-2016-44692016
Apache Archiva version 1.3.9 suffers from a cross site request forgery vulnerability.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »